I don't have any projects but when I want to create a project, openshift show a "projectrequests "*****" is forbidden: user BehnamLoghmani cannot create more than 1 project(s)."
I am also experiencing this issue on https://console.preview.openshift.com
The cause of the error is an existing project/namespace, with a requester annotation matching the user, in Active state, without any rolebindings that give the user permission to see/delete the project/namespace There are apparently two ways to reach this state: 1. An error occurs during the projectrequest API call, after the project is created with the requester annotation, but before the rolebinding granting the user permission to access the project completes (or the error occurs while creating that rolebinding). This is reproducible in an environment that is generally experiencing API call failures (timeouts, etc) 2. Deleting a project (DELETE /oapi/v1/projects/myproject) triggered removing the rolebinding that gave the user access, but somehow(?) still left the project in an Active state, with no deletionTimestamp set, so the finalizers did not remove themselves and delete the project. This is not yet reproducible
*** Bug 1367308 has been marked as a duplicate of this bug. ***
*** Bug 1368098 has been marked as a duplicate of this bug. ***
After auditing the project deletion code, I'm reasonably sure this is only being caused by failures during project creation, which is leaving projects in existence, but without any permissions granted to the requesting user https://github.com/openshift/origin/pull/10577 adds error handling to the projectrequest API that cleans up a partially created project template if a failure occurs during the creation.
*** Bug 1369823 has been marked as a duplicate of this bug. ***
*** Bug 1369789 has been marked as a duplicate of this bug. ***
*** Bug 1370988 has been marked as a duplicate of this bug. ***
*** Bug 1371402 has been marked as a duplicate of this bug. ***
Any movement on this? I'm currently totally blocked on dev preview (prod)
To be clear, my scenario was; 1. I had a project I used for a number of days 2. Deleted the project 3. Created a project did a little work 4. Deleted the project (no error) 5. tried to create a project and got the error I can't find any existence of the project doing oc get project --loglevel=7, etc. I'm blocked. Is there any script I or an admin can run to get me back to a good place?
*** Bug 1371839 has been marked as a duplicate of this bug. ***
following the steps given in comment #11, QE was able to verify the system can now detect the invalid template and roll back the project creation. in addition to comment #11, we need to change the master-config.yaml by following this doc (step #4 is a must) https://docs.openshift.com/enterprise/3.2/admin_guide/managing_projects.html#modifying-the-template-for-new-projects Expectded output: [root@ip-172-18-10-247 rpms]# systemctl restart atomic-openshift-master.service [root@ip-172-18-10-247 rpms]# oc new-project foofoo Error from server: Internal error occurred: role "notexist" not found [root@ip-172-18-10-247 rpms]# oc get project foofoo Error from server: namespaces "foofoo" not found
We are still getting reports of this happening on the Dev Preview cluster. Is this issue resolved? Do we have a job that cleans up old projects without rolebindings that runs on a schedule?
After contacting OpenShift support Jiří pointed out that that I may be experiencing this bug. I personally experienced the following on October 1st 2016. This was on https://console.preview.openshift.com/console/ (The dev preview) 1. I logged into the console at https://console.preview.openshift.com/ 2. I clicked 'New Project' and filled in a Name and an Display Name 3. During generation it seemed to have frozen so I reloaded the page 4. The console popped up the way it did initially, just the "Welcome to OpenShift" 5. When I tried to create another new project OpenShift responded with the error the original reporter got ("projectrequests "*****" is forbidden: user Mozoa cannot create more than 1 project(s).") I've since also tried the commandline application (oc.exe) to see if it would yield different results, here is a screenshot of the output http://i.imgur.com/Y9gVxib.png Of course I can't speak from the developer's perspective, this is just how it worked for me as a client in the Dev Preview
*** Bug 1380922 has been marked as a duplicate of this bug. ***
Dylan: You should now be able to create a new project.
Hi Team, I faced the same issue as Dylan After contacting OpenShift support Jiří pointed out that that I may be experiencing this bug. I personally experienced the following on October 1st 2016. This was on https://console.preview.openshift.com/console/ (The dev preview) 1. I logged into the console at https://console.preview.openshift.com/ 2. I clicked 'New Project' and filled in a Name and an Display Name 3. During generation it seemed to have frozen so I reloaded the page 4. The console popped up the way it did initially, just the "Welcome to OpenShift" 5. When I tried to create another new project OpenShift responded with the error the original reporter got ("projectrequests "*****" is forbidden: user Mozoa cannot create more than 1 project(s).") I've since also tried the commandline application (oc.exe) to see if it would yield different results
(In reply to Abhishek Gupta from comment #30) > Dylan: You should now be able to create a new project. Hi Abhishek, Please can you fix my account aswell. Thanks
Henry, I just checked and I don't see a project owned by user 'Mozoa'. Is the issue resolved? Or did you create the project using a different username? If the issue is still happening, let me know what your username is. Or if you can remember the name of the project you first tried to make, that would help too. Thanks,
(In reply to Stefanie Forrester from comment #33) > Henry, I just checked and I don't see a project owned by user 'Mozoa'. Is > the issue resolved? Or did you create the project using a different username? > > If the issue is still happening, let me know what your username is. Or if > you can remember the name of the project you first tried to make, that would > help too. Thanks, I login account is henryfernandes_redhat; user henryfernandes and the project I tried to create was henryfernandes_goapp
Henry: You should be able to create a new project now
Thanks Abhishek. It worked, I have created a new project
Corey: We have cleared all projects that have no role bindings. The issue in the code has also been addressed. We will keep an eye out for any new projects that are not auto-cleared and use those for debugging the issue, if it still persists. Stefanie: The 'mozoa' user account belonged to Dylan and was cleared earlier as well.
Hi, Sorry for the trouble but my account 'nghianja' is also having this problem. Please help urgently as I am using the system for an app challenge with a close deadline. Thank you very much. Best Regards, James Ng
Hi, we are experiencing the same issue since yesterday. Our account: isvintegrate.
James, Martin, I have deleted all the new stuck projects since yesterday. You should be able to create apps again. Apparently this issue is still occurring, so my team will have to watch for this until a permanent solution is reached.
*** Bug 1381038 has been marked as a duplicate of this bug. ***
The fix has been deployed to production and all stuck projects have been cleared.
We've verified this bug in online as comment 23, and didn't meet this issue again in online INT/STG/PROD. And in OCP 3.3, stuck projects would be cleared successfully in our tests. So I'll move this bug to verified. Thanks!
If this bug is fixed can we go ahead and close it?
*** Bug 1393559 has been marked as a duplicate of this bug. ***