Bug 1464569
Summary: | custom role bindings did not survive a cluster reboot | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Sten Turpin <sten> |
Component: | apiserver-auth | Assignee: | Jordan Liggitt <jliggitt> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Chuan Yu <chuyu> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.4.1 | CC: | aos-bugs, deads, eparis, jialiu, jliggitt, jokerman, mmccomas, mwhittin, sten, stwalter |
Target Milestone: | --- | Keywords: | OpsBlocker |
Target Release: | 3.4.z | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-16 22:02:42 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sten Turpin
2017-06-23 19:22:57 UTC
The openshift apiserver does not modify rolebindings as part of startup if any such resources already exist. If the cluster is large enough, you may be waiting for the authorization cache to re-prime. Could you check to see if the rolebinding in question (and its role) still exists? Can you provide the commands used to create the custom bindings, and the following info about them: 1. were they rolebindings or clusterrolebindings? if rolebindings, in what namespace and to what role? 2. what command/manifest was used to create the binding? 3. can you provide the output of the following from the current cluster: oc get clusterpolicy/default -o yaml oc get clusterpolicybinding/:default -o yaml and if the missing binding was a rolebinding: oc get policy/default -o yaml -n <binding-namespace> oc get policybinding/:default -o yaml -n <binding-namespace> are there any role-related commands run as part of a shutdown or bring-up script? At this point we have been unable to reproduce the problem and do not have adequate data to make further progress. I apologize but am closing this bug as UNSUFFICIENT_DATA since we will be unable to resolve the issue. |