Bug 1689529

Summary: rbac does not allow machine-controller events
Product: OpenShift Container Platform Reporter: Eric Paris <eparis>
Component: Cloud ComputeAssignee: Jan Chaloupka <jchaloup>
Status: CLOSED ERRATA QA Contact: Jianwei Hou <jhou>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.1.0CC: aos-cloud, sponnaga, zhsun
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:46:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Paris 2019-03-16 13:37:39 UTC 
Server Version: version.Info{Major:"1", Minor:"12+", GitVersion:"v1.12.4+599b39f", GitCommit:"599b39f", GitTreeState:"clean", BuildDate:"2019-03-15T20:44:22Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}

version   4.0.0-0.alpha-2019-03-16-003154   True        False         11h     Cluster version is 4.0.0-0.alpha-2019-03-16-003154



E0316 13:33:04.611691       1 event.go:203] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"eparis3-rx8fm-master-0.158c4d4354b55369", GenerateName:"", Namespace:"openshift-machine-api", SelfLink:"", UID:"", ResourceVersion:"3936", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, InvolvedObject:v1.ObjectReference{Kind:"Machine", Namespace:"openshift-machine-api", Name:"eparis3-rx8fm-master-0", UID:"23e38d6f-478d-11e9-b654-0627d7e47a32", APIVersion:"machine.openshift.io/v1beta1", ResourceVersion:"3956", FieldPath:""}, Reason:"Updated", Message:"Updated machine eparis3-rx8fm-master-0", Source:v1.EventSource{Component:"aws-controller", Host:""}, FirstTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63688297723, loc:(*time.Location)(0x228d0a0)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xbf1b5ca424474f65, ext:42314288276015, loc:(*time.Location)(0x228d0a0)}}, Count:21, Type:"Normal", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}': 'events "eparis3-rx8fm-master-0.158c4d4354b55369" is forbidden: User "system:serviceaccount:openshift-machine-api:default" cannot patch resource "events" in API group "" in the namespace "openshift-machine-api"' (will not retry!)
Comment 1 Jan Chaloupka 2019-03-18 13:27:57 UTC 
Upstream PR: https://github.com/openshift/machine-api-operator/pull/249
Comment 3 sunzhaohua 2019-04-08 07:31:48 UTC 
Verified.

$ oc get clusterversion
NAME      VERSION      AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.0.0-0.11   True        False         3h56m   Cluster version is 4.0.0-0.11

I0408 07:19:58.070052       1 controller.go:128] Reconciling Machine "zhsun-gjs5l-worker-ap-southeast-1a-6b8qn"
I0408 07:19:58.070067       1 controller.go:300] Machine "zhsun-gjs5l-worker-ap-southeast-1a-6b8qn" in namespace "cluster.k8s.io/cluster-name" doesn't specify "openshift-machine-api" label, assuming nil cluster
I0408 07:19:58.070080       1 actuator.go:371] Checking if machine exists
I0408 07:19:58.186843       1 actuator.go:384] Instance exists as "i-0164cf92a8c5b9999"
I0408 07:19:58.186870       1 controller.go:234] Reconciling machine "zhsun-gjs5l-worker-ap-southeast-1a-6b8qn" triggers idempotent update
I0408 07:19:58.186880       1 actuator.go:297] updating machine
I0408 07:19:58.186958       1 actuator.go:305] obtaining EC2 client for region
I0408 07:19:58.244033       1 actuator.go:322] found 1 instances for machine
I0408 07:19:58.244061       1 actuator.go:341] instance found
I0408 07:19:58.244098       1 actuator.go:468] Updating status
I0408 07:19:58.244178       1 actuator.go:512] finished calculating AWS status
I0408 07:19:58.244325       1 actuator.go:150] status unchanged
Comment 5 errata-xmlrpc 2019-06-04 10:46:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758