The AWS access key and secret key should be accessible to openshift controller manager [usually] via environment variables. Can you double check if - /etc/sysconfig/atomic-openshift-* has those keys and secrets listed?
If inventory and openshift-ansible had access to those keys during cluster creation then those keys should be correctly placed in /etc/sysconfig/atomic-openshift-* files. On Wed, Nov 15, 2017 at 9:17 AM, Md Faizan Ali <[email protected]> wrote: > I am running openshift origin 3.6 ( kube v1.6.1+5115d708d7) in AWS. > Ansible inventory contains cloud provider configuration and I can see the > config files on the master nodes. > > > *# From inventory* > * # AWS* > * openshift_cloudprovider_kind=aws* > * openshift_cloudprovider_aws_access_key="{{ > lookup('env','AWS_ACCESS_KEY_ID') }}"* > * openshift_cloudprovider_aws_secret_key="{{ > lookup('env','AWS_SECRET_ACCESS_KEY') }}"* > > *I have also provisioned a storageclass * > > * # oc get storageclass* > * NAME TYPE* > * fast (default) kubernetes.io/aws-ebs > <http://kubernetes.io/aws-ebs>* > *However, when i try to create a pvc:* > > * kind: "PersistentVolumeClaim"* > * apiVersion: "v1"* > * metadata:* > * name: "testclaim"* > * namespace: testns* > * spec:* > * accessModes:* > * - "ReadWriteOnce"* > * resources:* > * requests:* > * storage: "3Gi"* > * storageClassName: fast* > It just goes in infinite loop trying to get the pvc created. Events show > me this error: > > *(combined from similar events): Failed to provision volume with > StorageClass "fast": UnauthorizedOperation: You are not authorized to > perform this operation. Encoded authorization failure message: > $(encoded-message) status code: 403, request id: > d0742e84-a2e1-4bfd-b642-c6f1a61ddc1b* > > Unfortunately I cannot decode the encoded message using aws cli as it > gives error. > > *aws sts decode-authorization-message -–encoded-message > $(encoded-message) * > * Error: UnicodeWarning: Unicode equal comparison failed to convert > both arguments to Unicode - interpreting them as being unequal* > > I have now also tried pv+pvc and using that in a pod. Everything gets > created and I can see the claim. However when I try to mount it, I see > similar errors with permission denied. Any pointers please. > > > > So far I have been able to deploy pods, services etc and they seem to be > working fine. > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
