Bug 1463630
| Summary: | [trello pyDUR5Bx] oc cluster up fails with --service-catalog flag on Windows | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dongbo Yan <dyan> |
| Component: | Security | Assignee: | Mo <mkhan> |
| Status: | CLOSED ERRATA | QA Contact: | Xiaoli Tian <xtian> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3.6.0 | CC: | aos-bugs, deads, dyan, jialiu, jokerman, mmccomas, smunilla |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-08-10 05:28:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Dongbo Yan
2017-06-21 11:30:17 UTC
This seems like a possible bug in the Windows client. On the same machine where you are hitting this error, can you start up oc cluster up without the --service-catalog flag, and then run:

    $ oc login -u system:admin
    $ oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/service-catalog/service-catalog.yaml --loglevel=5

?

Hi, ben, please check

    --> Creating resources ...
    clusterrole "servicecatalog-serviceclass-viewer" created
    clusterrolebinding "servicecatalog-serviceclass-viewer-binding" created
    serviceaccount "service-catalog-controller" created
    serviceaccount "service-catalog-apiserver" created
    clusterrole "namespace-viewer" created
    clusterrolebinding "service-catalog-namespace-viewer-binding" created
    clusterrolebinding "service-catalog-controller-namespace-viewer-binding" created
    clusterrole "service-catalog-controller" created
    clusterrolebinding "service-catalog-controller-binding" created
    role "endpoint-accessor" created
    error: role.authorization.openshift.io "endpoint-accessor" not found
    role "extension-apiserver-authentication-reader" created
    rolebinding "extension-apiserver-authentication-reader-binding" created
    clusterrolebinding "system:auth-delegator-binding" created
    deployment "apiserver" created
    service "apiserver" created
    deployment "controller-manager" created
    service "controller-manager" created
    --> Failed

Ultimately this issue is related to code that's in the "brew-pulp.../openshift3/ose:v3.6" image you were using during the test. Can you check if the same image was being used for both the Windows and other tests? I'm wondering if your Windows environment had an old version of the image around.

I checked the ose image on MacBook and Windows, they are the same version.

    brew-pulp.../openshift3/ose v3.6 bbac4caf7fb5 43 hours ago 994 MB

This looks like it may be a race condition, I hit it once on my Linux machine while trying to do something else. Will keep investigating. Would be curious if you are hitting it consistently though.

Test with new oc client

    oc v3.6.121
    kubernetes v1.6.1+5115d708d7

Could execute command with service-catalog flag successfully, but it is unstable. Sometimes cannot see installed templates in service-catalog, and sometimes can see all templates.

This appears to be a race condition. Our template creates the role and then the rolebinding: https://github.com/openshift/origin/blob/master/examples/service-catalog/service-catalog.yaml#L115-L138

We can see from the output that the role was created successfully, but then immediately after it can't be found (some sort of caching issue).

    role "endpoint-accessor" created
    error: role.authorization.openshift.io "endpoint-accessor" not found

David tracked down what's happening here and has details. Looks like the non-cached rule resolver in the virtual storage is actually using a cache.

Since this issue does not reproduce all the time, modify severity to low.

Verified

    oc v3.6.135
    kubernetes v1.6.1+5115d708d7

Could move to verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716
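
The create-then-bind failure discussed in this thread, as an added example that is not OpenShift code and not part of the original bug report: a simplified model in which the rolebinding's role reference is validated through a resolver that lags behind live storage. All type and function names here (`Live`, `Cached`, `RoleGetter`, `CreateRoleThenBinding`) are hypothetical.

```go
package main

import "fmt"

// Hypothetical model, not OpenShift's types: writes land in Live at once;
// Cached only learns about them when Sync runs.
var ErrNotFound = fmt.Errorf("role not found")

type RoleGetter interface{ GetRole(name string) error }

type Live map[string]bool

func (l Live) GetRole(name string) error {
	if !l[name] {
		return ErrNotFound
	}
	return nil
}

type Cached struct {
	src  Live // storage the cache is filled from
	seen Live // what the cache knew at the last Sync
}

func (c *Cached) Sync() {
	for n := range c.src {
		c.seen[n] = true
	}
}

func (c *Cached) GetRole(name string) error { return c.seen.GetRole(name) }

// CreateRoleThenBinding follows the template's order: create the role, then
// a binding whose role reference is checked through the given resolver.
func CreateRoleThenBinding(live Live, resolver RoleGetter, role string) error {
	live[role] = true
	if err := resolver.GetRole(role); err != nil {
		return fmt.Errorf("rolebinding rejected: role %q: %w", role, err)
	}
	return nil
}

func main() {
	live := Live{}
	stale := &Cached{src: live, seen: Live{}}
	fmt.Println("cached, before sync:", CreateRoleThenBinding(live, stale, "endpoint-accessor"))
	stale.Sync()
	fmt.Println("cached, after sync: ", CreateRoleThenBinding(live, stale, "endpoint-accessor"))
	fmt.Println("live resolver:      ", CreateRoleThenBinding(live, live, "endpoint-accessor"))
}
```

Whether the cached path fails depends only on whether the cache has caught up by the time the binding is validated, which matches the intermittent reproduction reported above.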