Bug 1322249

Summary: The pre-deployment part of logging doc needs to be updated
Product: OpenShift Container Platform Reporter: Xia Zhao <xiazhao>
Component: DocumentationAssignee: Kathryn Alexander <kalexand>
Status: CLOSED NOTABUG QA Contact: Junqi Zhao <juzhao>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.2.0CC: aos-bugs, jokerman, juzhao, kalexand, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-27 03:27:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Xia Zhao 2016-03-30 06:56:03 UTC 
Problem description: 
To avoid https://bugzilla.redhat.com/show_bug.cgi?id=1321533 we now need the deployer to have the cluster-admin role:
oadm policy add-cluster-role-to-user cluster-admin system:serviceaccount:logging:logging-deployer

Version-Release number of selected component (if applicable):
https://docs.openshift.org/latest/install_config/aggregate_logging.html#pre-deployment-configuration

How reproducible:
Always

Steps to Reproduce:
Visit https://docs.openshift.org/latest/install_config/aggregate_logging.html#pre-deployment-configuration

Actual Result:
oadm policy add-cluster-role-to-user edit system:serviceaccount:logging:logging-deployer

Expected Result:
oadm policy add-cluster-role-to-user cluster-admin system:serviceaccount:logging:logging-deployer

Additional info:
Please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1321533 for more detail
Comment 2 Kathryn Alexander 2018-04-24 14:43:25 UTC 
It looks like this command is wrong in 3.2 to 3.4. 

I have a PR here to correct the command: https://github.com/openshift/openshift-docs/pull/8869

@Anping, will you please confirm?
Comment 3 Anping Li 2018-04-27 02:19:05 UTC 
@juzhao,  Must we add-cluster-role-to-user cluster-admin ystem:serviceaccount:logging:logging-deployer?
Comment 4 Junqi Zhao 2018-04-27 03:27:20 UTC 
It is no need to change the doc now, so no need to merge the PR, it could be closed as NOTABUG

This doc issue was filed at 2016-03-30, the descripton was
"oadm policy add-cluster-role-to-user edit system:serviceaccount:logging:logging-deployer", the role was "edit"

later we changed to role to "oauth-editor", it does not block the installation

"oadm policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer", the role was "edit"
Comment 5 Junqi Zhao 2018-04-27 03:29:02 UTC 
(In reply to Junqi Zhao from comment #4)
typo, change 
> "oadm policy add-cluster-role-to-user oauth-editor
> system:serviceaccount:logging:logging-deployer", the role was "edit"

to

"oadm policy add-cluster-role-to-user oauth-editor
> system:serviceaccount:logging:logging-deployer", the role was "oauth-editor"