Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1326281 - should create service account at same time or give a prompt if the specified sa is not exist when creating ipfailover pod
should create service account at same time or give a prompt if the specified ...
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing (Show other bugs)
3.2.0
All All
medium Severity medium
: ---
: ---
Assigned To: jtanenba
zhaozhanqi
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-12 06:36 EDT by zhaozhanqi
Modified: 2016-09-27 05:37 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-27 05:37:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Github openshift/origin/pull/9618 None None None 2016-08-17 16:13 EDT
Red Hat Product Errata RHBA-2016:1933 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 09:24:36 EDT

  None (edit)
Description zhaozhanqi 2016-04-12 06:36:24 EDT 
Description of problem:
Should create service account during creating ipfailver pod if the specified service account is not exist. or give a error message like "your specified service account is not exist" at least. 

for now if the service account is not exist or did not be add to scc privileged. ipfailover pod can be deployed but cannot be created on node.

Version-Release number of selected component (if applicable):
# openshift version
openshift v3.2.0.14
kubernetes v1.2.0-36-g4a3f9c5
etcd 2.2.5


How reproducible:
always

Steps to Reproduce:
1. Create ipfaiover pod using one non-exist service account
  oadm ipfailover ipf2  --virtual-ips="10.66.127.100-101" --credentials=/etc/origin/master/openshift-router.kubeconfig --replicas=2 -w 1936 --service-account=non-exist --images='brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-${component}:${version}' --create


Actual results:

step 1 will show "deploymentconfig "ipf2" created", but ipfailover pod cannot be created since no scc privileged for this service account

Expected results:
1. openshift can create service account at same time if not exist the user specified
2. if the service account is not add to scc privileged. should also give a prompt message

Additional info:
Comment 1 jtanenba 2016-08-10 13:38:20 EDT 
https://github.com/openshift/origin/pull/9618
Comment 2 Troy Dawson 2016-08-19 17:26:11 EDT 
This has been merged into ose and is in OSE v3.3.0.23 or newer.
Comment 4 zhaozhanqi 2016-08-22 02:00:09 EDT 
verified this bug on v3.3.0.23

# oadm ipfailover ipf --create --virtual-ips=10.66.137.100-101 --replicas=2 -w 80  --images='brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/ose-keepalived-ipfailover:v3.3.0.23'error: ipfailover could not be created; service account "ipfailover" does not have sufficient privileges, grant access with oadm policy add-scc-to-user privileged -z ipfailover
Comment 6 errata-xmlrpc 2016-09-27 05:37:37 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.