No, I did not hardcode credentials. I should probably have used an IAM role for it when I was setting the cluster up. I will look into this by looking at the plays and try to understand why the credentials were missing from the file. However, I hardcoded credentials in the controller file and restarted the controller, and it worked absolutely fine. Thank you!

On Wed, Nov 15, 2017 at 9:01 PM, Hemant Kumar <[email protected]> wrote:

> Have you tried hardcoding key and secret in inventory file rather than
> having it look up from environment variable?
>
> On Wed, Nov 15, 2017 at 10:20 AM, Md Faizan Ali <[email protected]>
> wrote:
>
>> Thanks for pointing it out.
>>
>> So in the file:
>>
>> $> cat origin-master-controllers
>> OPTIONS=--loglevel=2 --listen=https://0.0.0.0:8444
>> CONFIG_FILE=/etc/origin/master/master-config.yaml
>> OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
>>
>> AWS_ACCESS_KEY_ID=
>> AWS_SECRET_ACCESS_KEY=
>>
>> # Proxy configuration
>> # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
>>
>> Is my understanding incorrect that during install, if I provided
>> key/secret key as environment variables, those values will not be
>> captured here? Do I need to hardcode the key/secretkey here and restart
>> master service?
>>
>> On Wed, Nov 15, 2017 at 8:11 PM, Hemant Kumar <[email protected]> wrote:
>>
>>> The AWS access key and secret key should be accessible to openshift
>>> controller manager [usually] via environment variables. Can you double
>>> check if - /etc/sysconfig/atomic-openshift-* has those keys and secrets
>>> listed?
>>>
>>> If inventory and openshift-ansible had access to those keys during
>>> cluster creation then those keys should be correctly placed in
>>> /etc/sysconfig/atomic-openshift-* files.
>>>
>>> On Wed, Nov 15, 2017 at 9:17 AM, Md Faizan Ali <[email protected]>
>>> wrote:
>>>
>>>> I am running openshift origin 3.6 ( kube v1.6.1+5115d708d7) in AWS.
>>>> Ansible inventory contains cloud provider configuration and I can see
>>>> the config files on the master nodes.
>>>>
>>>> # From inventory
>>>> # AWS
>>>> openshift_cloudprovider_kind=aws
>>>> openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
>>>> openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
>>>>
>>>> I have also provisioned a storageclass
>>>>
>>>> # oc get storageclass
>>>> NAME             TYPE
>>>> fast (default)   kubernetes.io/aws-ebs
>>>>
>>>> However, when I try to create a pvc:
>>>>
>>>> kind: "PersistentVolumeClaim"
>>>> apiVersion: "v1"
>>>> metadata:
>>>>   name: "testclaim"
>>>>   namespace: testns
>>>> spec:
>>>>   accessModes:
>>>>     - "ReadWriteOnce"
>>>>   resources:
>>>>     requests:
>>>>       storage: "3Gi"
>>>>   storageClassName: fast
>>>>
>>>> It just goes in infinite loop trying to get the pvc created. Events
>>>> show me this error:
>>>>
>>>> (combined from similar events): Failed to provision volume with
>>>> StorageClass "fast": UnauthorizedOperation: You are not authorized to
>>>> perform this operation. Encoded authorization failure message:
>>>> $(encoded-message) status code: 403, request id:
>>>> d0742e84-a2e1-4bfd-b642-c6f1a61ddc1b
>>>>
>>>> Unfortunately I cannot decode the encoded message using aws cli as it
>>>> gives error.
>>>>
>>>> aws sts decode-authorization-message -–encoded-message $(encoded-message)
>>>> Error: UnicodeWarning: Unicode equal comparison failed to convert both
>>>> arguments to Unicode - interpreting them as being unequal
>>>>
>>>> I have now also tried pv+pvc and using that in a pod. Everything gets
>>>> created and I can see the claim. However when I try to mount it, I see
>>>> similar errors with permission denied. Any pointers please.
>>>>
>>>> So far I have been able to deploy pods, services etc and they seem to
>>>> be working fine.
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> [email protected]
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
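
An added example, not part of the original thread: a POSIX shell check for the condition discussed above, where the controller's sysconfig file carries AWS_ACCESS_KEY_ID= and AWS_SECRET_ACCESS_KEY= lines with no value. The function names and the sample file are constructed for illustration; the check reports only whether each key is set, never its value, and flags a file that holds the secret while group or other can access it.

```shell
#!/bin/sh
# Added example: audit a sysconfig-style env file for the AWS keys the
# controller needs, without ever printing the secret values.

# key_state FILE KEY -> prints "missing", "empty" or "set"
key_state() {
    # Assumption of this example: if a key appears twice, judge the last line.
    line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    if [ -z "$line" ]; then echo missing; return; fi
    val=$(printf '%s\n' "${line#*=}" | tr -d " \t\"'")   # drop blanks and quotes
    if [ -z "$val" ]; then echo empty; else echo set; fi
}

# audit_env FILE -> one line per finding; returns 0 only if both keys are
# set and the file is private to its owner.
audit_env() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "$f: not readable"; return 2; }
    for k in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        s=$(key_state "$f" "$k")
        echo "$f: $k is $s"
        [ "$s" = set ] || rc=1
    done
    # A file holding a live secret should grant nothing to group or other.
    if [ "$(key_state "$f" AWS_SECRET_ACCESS_KEY)" = set ]; then
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "$f: secret present, mode allows group/other access"; rc=1; }
    fi
    return $rc
}

# Constructed sample mirroring the file shown in the thread (keys left empty).
demo=$(mktemp)
cat > "$demo" <<'EOF'
OPTIONS=--loglevel=2 --listen=https://0.0.0.0:8444
CONFIG_FILE=/etc/origin/master/master-config.yaml
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
EOF
audit_env "$demo" || echo "=> fix before restarting the controller"
rm -f "$demo"
```

On a master, point audit_env at the file under /etc/sysconfig that the thread discusses instead of the temporary sample.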
