Bug 1550018

Summary: The ServiceAccount 'aggregated-logging-fluentd' is not a cluster-reader in the 'logging' project
Product: OpenShift Container Platform Reporter: Anping Li <anli>
Component: LoggingAssignee: Jan Wozniak <jwozniak>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, jcantril, jokerman, lmeyer, mfojtik, mmccomas, rmeggins
Target Milestone: ---   
Target Release: 3.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-17 06:42:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anping Li 2018-02-28 10:17:35 UTC 
Description of problem:
oc adm  diagnostics aggregatedlogging always report ServiceAccount error. 

The PR https://github.com/openshift/origin/pull/18641 have been submit to fix this error.

That bug is opened to trace this PR.



Version-Release number of selected component (if applicable):
diagnostics

How reproducible:
always

Steps to Reproduce:
1.oc adm  diagnostics aggregatedlogging 
2.
3.

Actual results:

[root@ip-172-18-15-253 ~]# oc adm  diagnostics aggregatedlogging
[Note] Determining if client configuration exists for client/cluster diagnostics
Info:  Successfully read a client config file at '/root/.kube/config'
Info:  Using context for cluster-admin access: 'logging/ec2-54-175-52-207-compute-1-amazonaws-com:443/system:admin'

[Note] Running diagnostic: AggregatedLogging
       Description: Check aggregated logging integration for proper configuration
       
ERROR: [AGL0610 from diagnostic AggregatedLogging@openshift/origin/pkg/oc/admin/diagnostics/diagnostics/cluster/aggregated_logging/diagnostic.go:129]
       The ServiceAccount 'aggregated-logging-fluentd' is not a cluster-reader in the 'logging' project.  This
       is required to enable Fluentd to look up pod metadata for the logs it gathers.
       As a user with a cluster-admin role, you can grant the permissions by running
       the following:
       
         $ oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
       
Info:  Did not find a DeploymentConfig to support optional component 'mux'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Looked for 'logging-mux' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
[Note] Summary of diagnostics execution (version v3.9.0-0.53.0):
[Note] Errors seen: 1

Expected results:


Additional info:
Comment 1 Rich Megginson 2018-02-28 14:29:54 UTC 
This was moved to logging.  If fluentd is working, I fail to see how this is a problem with logging.  This looks like a false positive from the health checker.

Please confirm - if fluentd is working, please move this back to Command Line Interface, as a false positive.
Comment 4 Anping Li 2018-04-17 03:41:01 UTC 
Verified and pass using v3.9.22

[root@host3-ha-master-1 ~]# oc adm  diagnostics aggregatedlogging --logging-project=logging
[Note] Determining if client configuration exists for client/cluster diagnostics
Info:  Successfully read a client config file at '/root/.kube/config'
Info:  Using context for cluster-admin access: 'logging/192-168-1-223:8443/system:admin'

[Note] Running diagnostic: AggregatedLogging
       Description: Check aggregated logging integration for proper configuration
       
Info:  Did not find a DeploymentConfig to support optional component 'curator-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'es-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'kibana-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'mux'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Looked for 'logging-es-ops' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-es-ops-cluster' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-kibana-ops' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-mux' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
[Note] Summary of diagnostics execution (version v3.9.22):
[Note] Completed with no errors or warnings seen.
Comment 8 errata-xmlrpc 2018-05-17 06:42:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1566