Bug 1388035 - [intservice_public_399]Cluster-admin is not able to view .all and operations logs, and have to confirm filters on UI
Summary: [intservice_public_399]Cluster-admin is not able to view .all and operations ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Logging
Version: 3.x
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: ewolinet
QA Contact: Xia Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-24 09:47 UTC by Xia Zhao
Modified: 2016-12-09 21:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-09 21:50:48 UTC
Target Upstream Version:

Attachments (Terms of Use)
screenshot (191.23 KB, image/png)
2016-10-24 09:47 UTC, Xia Zhao 		no flags Details
es_log (104.01 KB, text/plain)
2016-10-24 09:47 UTC, Xia Zhao 		no flags Details
kibana_log (239.11 KB, text/plain)
2016-10-24 09:48 UTC, Xia Zhao 		no flags Details
flunetd_log (477.42 KB, text/plain)
2016-10-24 09:48 UTC, Xia Zhao 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Xia Zhao 2016-10-24 09:47:05 UTC 
Created attachment 1213414 [details]
screenshot

Description of problem:
Cluster-admin is not able to view .all and operations logs. When he/she tried to view logs for normal projects, Kibana failed to load {{indexPattern.id}}, and asked him/her to confirm filters on UI, please refer to the attached screenshot.

Version-Release number of selected component (if applicable):
Built out image from https://github.com/openshift/origin-aggregated-logging

openshift v1.4.0-alpha.0+c94f61a
kubernetes v1.4.0+776c994
etcd 3.1.0-alpha.1

How reproducible:
always

Steps to Reproduce:
0.Start docker daemon with journal log driver on openshift nodes
1.Define local builds according to https://github.com/openshift/origin-aggregated-logging#defining-local-builds
2.Deploy logging with the built out images (OPS cluster is set to false, use_journal set to true).
3.Login kibana UI with Cluster-admin users, click on a normal index in the left panel

Actual results:
Cluster-admin is not able to view .all and operations logs.
Cluster-admin have to confirm filters on UI before viewing normal projects' logs.

Expected results:
Cluster-admin should be able to view .all and operations logs.
Cluster-admin should not have to accept filters before viewing normal projects' logs.


Additional info:
kibana/es pod log attached
screenshot attached
Issue reproduced when docker log driver is set to both json file and journal.
Comment 1 Xia Zhao 2016-10-24 09:47:49 UTC 
Created attachment 1213415 [details]
es_log
Comment 2 Xia Zhao 2016-10-24 09:48:12 UTC 
Created attachment 1213416 [details]
kibana_log
Comment 3 Xia Zhao 2016-10-24 09:48:36 UTC 
Created attachment 1213417 [details]
flunetd_log
Comment 5 Xia Zhao 2016-10-25 05:16:02 UTC 
Hi Eric,

Thanks for pointing out this change. After adding this new step during logging deployment, Cluster-admin still have to confirm filters on UI(is this ecpected?), and is able to view .all and operations logs:

oadm policy add-cluster-role-to-user rolebinding-reader system:serviceaccount:logging:aggregated-logging-elasticsearch

Please transfer this back for closure.

Thanks,
Xia
Comment 6 Xia Zhao 2016-10-25 14:36:56 UTC 
Verified on 

openshift v1.4.0-alpha.0+c94f61a
kubernetes v1.4.0+776c994
etcd 3.1.0-alpha.1

Fixed after adding 

oadm policy add-cluster-role-to-user rolebinding-reader system:serviceaccount:logging:aggregated-logging-elasticsearch

in logging deployment process
Note You need to log in before you can comment on or make changes to this bug.