Bug 1806158

Summary: [IPI][OSP] 403 error when creating Swift Image Registry backend without swiftoperator role
Product: OpenShift Container Platform Reporter: Mike Fedosin <mfedosin>
Component: Image RegistryAssignee: Mike Fedosin <mfedosin>
Status: CLOSED ERRATA QA Contact: XiuJuan Wang <xiuwang>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.4CC: adam.kaplan, aos-bugs
Target Milestone: ---Keywords: Reopened
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1810490 (view as bug list) Environment:
Last Closed: 2020-08-04 18:01:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1810490    

Description Mike Fedosin 2020-02-22 13:39:03 UTC 
When I deploy a cluster on OpenStack with Swift enabled, but without swiftoperator role, cluster-image-registry-operator fails to create a container and I get 403 error during the installation.
Comment 1 Adam Kaplan 2020-02-27 21:28:08 UTC 
`swiftoperator` role is a prerequisite for IPI installs on OpenStack [1]. Customers who don't want to do this should use the UPI flows instead [2]. In 4.4 we will need to update this document to allow customers to use RWO storage via a PVC.

[1] https://docs.openshift.com/container-platform/4.3/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-enabling-swift_installing-openstack-installer-custom
[2] https://docs.openshift.com/container-platform/4.3/installing/installing_openstack/installing-openstack-installer-custom.html
Comment 4 XiuJuan Wang 2020-03-18 03:28:56 UTC 
It's same behavior with https://bugzilla.redhat.com/show_bug.cgi?id=1810490#c4 , pvc is in pending status, no pv bound.
Test in 4.5.0-0.nightly-2020-03-17-011909 cluster

$oc get pods
NAME                                               READY   STATUS    RESTARTS   AGE
cluster-image-registry-operator-8548dc8975-gf42b   2/2     Running   0          43m
image-registry-564c5b68d4-4n8rw                    0/1     Pending   0          43m
node-ca-dktf4                                      1/1     Running   0          43m
node-ca-k8vkn                                      1/1     Running   0          43m
node-ca-vjql9                                      1/1     Running   0          43m
node-ca-x8mfp                                      1/1     Running   0          37m

$ oc get pvc  -o yaml 
apiVersion: v1
items:
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    annotations:
      imageregistry.openshift.io: "true"
      volume.beta.kubernetes.io/storage-provisioner: kubernetes.io/cinder
      volume.kubernetes.io/selected-node: wxjosp2-p2sxl-worker-ctx9r
    creationTimestamp: "2020-03-18T02:41:37Z"
    finalizers:
    - kubernetes.io/pvc-protection
    name: image-registry-storage
    namespace: openshift-image-registry
    resourceVersion: "29921"
    selfLink: /api/v1/namespaces/openshift-image-registry/persistentvolumeclaims/image-registry-storage
    uid: 57f9759b-df16-4d96-bde2-980a207c216c
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 100Gi
    storageClassName: standard
    volumeMode: Filesystem
  status:
    phase: Pending
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

$oc get pv  --all-namespaces 
No resources found
Comment 8 errata-xmlrpc 2020-08-04 18:01:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5 image release advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409