Bug 1840705
| Summary: | Unclear error when Azure credentials have expired or are invalid | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dan Mace <dmace> |
| Component: | Installer | Assignee: | Abhinav Dahiya <adahiya> |
| Installer sub component: | openshift-installer | QA Contact: | Etienne Simard <esimard> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | high | CC: | adahiya, bleanhar, chuffman, dgrigore, esimard, kgarriso, sdodson, wking |
| Version: | 4.6 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:01:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dan Mace
2020-05-27 13:05:21 UTC
*** Bug 1840852 has been marked as a duplicate of this bug. *** The issue ended up being expired credentials and it has been addressed. I'm changing the target release and priority of this bug and will use it to track progress on updating the error message to actually print out the problem. Since this is low priority, I didn't get to it this sprint. I'll update when there is time to work on this. Verified with: ./openshift-install 4.6.0-0.nightly-2020-08-01-172303 built from commit 7a5af8cddbd04a7c6af6006696141d8afe2fb027 release image registry.svc.ci.openshift.org/ocp/release@sha256:6d4b31af9959b02b8589bb4b804812c436f38a9726827fa5e5a0ea66d6d79cf4 Reproduction steps: 1) Generate a working install-config.yaml from a current Service Principal 2) Configure your osServicePrincipal.json to use an EXPIRED Service Principal 3) Try to install a cluster using the install-config.yaml generated in step 1 ~~~ ./openshift-install create cluster --dir ./install_config_folder INFO Credentials loaded from file "/home/openshift-qe/.azure/osServicePrincipal.json" FATAL failed to fetch Metadata: failed to load asset "Install Config": platform.azure.region: Internal error: failed to retrieve available regions: failed to list locations: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/$SUBID/locations?api-version=2019-06-01: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: 3416e35d-5586-4646-ae28-d8a5c8ee3e00\r\nCorrelation ID: 4b8affac-99de-4536-8505-0f269b69d15f\r\nTimestamp: 2020-08-04 20:50:05Z","error_codes":[7000222],"timestamp":"2020-08-04 20:50:05Z","trace_id":"3416e35d-5586-4646-ae28-d8a5c8ee3e00","correlation_id":"4b8affac-99de-4536-8505-0f269b69d15f","error_uri":"https://login.microsoftonline.com/error?code=7000222"} ~~~ Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |