Thanks for pointing it out.

So in the file:

$> cat origin-master-controllers
OPTIONS=--loglevel=2 --listen=https://0.0.0.0:8444
CONFIG_FILE=/etc/origin/master/master-config.yaml
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

# Proxy configuration
# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy

Is my understanding incorrect that during install, if I provided key/secret
key as environment variables, those values will not be captured here? Do I
need to hardcode the key/secret key here and restart master service?



On Wed, Nov 15, 2017 at 8:11 PM, Hemant Kumar <heku...@redhat.com> wrote:

> The AWS access key and secret key should be accessible to openshift
> controller manager [usually] via environment variables. Can you double
> check if - /etc/sysconfig/atomic-openshift-* has those keys and secrets
> listed?
>
> If inventory and openshift-ansible had access to those keys during cluster
> creation then those keys should be correctly placed in
> /etc/sysconfig/atomic-openshift-* files.
>
>
>
>
>
> On Wed, Nov 15, 2017 at 9:17 AM, Md Faizan Ali <mdfaizanal...@gmail.com>
> wrote:
>
>> I am running openshift origin 3.6 ( kube v1.6.1+5115d708d7) in AWS.
>> Ansible inventory contains cloud provider configuration and I can see the
>> config files on the master nodes.
>>
>>
>>        # From inventory
>>        # AWS
>>        openshift_cloudprovider_kind=aws
>>        openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
>>        openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
>>
>> I have also provisioned a storageclass
>>
>>        # oc get storageclass
>>        NAME             TYPE
>>        fast (default)   kubernetes.io/aws-ebs
>>
>> However, when I try to create a pvc:
>>
>>         kind: "PersistentVolumeClaim"
>>         apiVersion: "v1"
>>         metadata:
>>           name: "testclaim"
>>           namespace: testns
>>         spec:
>>           accessModes:
>>             - "ReadWriteOnce"
>>           resources:
>>             requests:
>>               storage: "3Gi"
>>           storageClassName: fast
>>
>> It just goes in infinite loop trying to get the pvc created. Events show
>> me this error:
>>
>>        (combined from similar events): Failed to provision volume with
>> StorageClass "fast": UnauthorizedOperation: You are not authorized to
>> perform this operation. Encoded authorization failure message:
>> $(encoded-message) status code: 403, request id:
>> d0742e84-a2e1-4bfd-b642-c6f1a61ddc1b
>>
>> Unfortunately I cannot decode the encoded message using aws cli as it
>> gives error.
>>
>>        aws sts decode-authorization-message -–encoded-message $(encoded-message)
>>        Error: UnicodeWarning: Unicode equal comparison failed to convert
>> both arguments to Unicode - interpreting them as being unequal
>>
>> I have now also tried pv+pvc and using that in a pod. Everything gets
>> created and I can see the claim. However when I try to mount it, I see
>> similar errors with permission denied. Any pointers please.
>>
>>
>>
>> So far I have been able to deploy pods, services etc and they seem to be
>> working fine.
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
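
A check for the situation discussed in this thread, added here as an example and not taken from the messages above or from openshift-ansible: it reports whether AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are populated in the given env files without printing their values. The function names and the extra world-readable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit env files for the AWS cloud
# provider credentials without ever printing the secret values.

# check_aws_env FILE
# Prints "<file> <VAR> set|empty|missing" for each variable and returns 0
# only when both are present with a non-empty value.
check_aws_env() {
    file=$1
    rc=0
    for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        # Ignore commented-out lines; take the last assignment in the file.
        line=$(grep -E "^[[:space:]]*${var}=" "$file" 2>/dev/null | tail -n 1)
        if [ -z "$line" ]; then
            state=missing; rc=1
        else
            # Drop quotes and whitespace so AWS_ACCESS_KEY_ID="" counts as empty.
            value=$(printf '%s' "${line#*=}" | tr -d "\"'[:space:]")
            if [ -z "$value" ]; then state=empty; rc=1; else state=set; fi
        fi
        printf '%s %s %s\n' "$file" "$var" "$state"
    done
    return "$rc"
}

# world_readable FILE: true when "other" has read permission on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_files FILE...: run both checks on each file; non-zero if any file
# lacks usable credentials or exposes populated ones to every local user.
audit_files() {
    status=0
    for f in "$@"; do
        if check_aws_env "$f"; then
            if world_readable "$f"; then
                printf '%s WARNING credentials set in world-readable file\n' "$f"
                status=1
            fi
        else
            status=1
        fi
    done
    return "$status"
}

[ "$#" -eq 0 ] || audit_files "$@"
```

Saved under a name of your choosing, it can be run on a master as `sh <script> /etc/sysconfig/atomic-openshift-*`, adding the path of the origin-master-controllers file shown above on an Origin install.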