Bug 1416117 - Errors when following the "Upgrading the EFK Logging Stack" Manual Upgrade Procedure in Documentation
Summary: Errors when following the "Upgrading the EFK Logging Stack" Manual Upgrade Pr...
Keywords:
Status: CLOSED EOL
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Vikram Goyal
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-24 15:59 UTC by Nick Schuetz
Modified: 2019-08-10 06:46 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-10 06:46:00 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Nick Schuetz 2017-01-24 15:59:26 UTC
Document URL: 

https://docs.openshift.com/container-platform/3.3/install_config/upgrading/manual_upgrades.html#manual-upgrading-efk-logging-stack

Section Number and Name: 

Upgrading the EFK Logging Stack


Describe the issue: 

# oc project logging
Now using project "logging" on server "https://master.example.com:8443".
# oc apply -n openshift -f \
>     /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml
template "logging-deployer-account-template" configured
template "logging-deployer-template" configured
# oc process logging-deployer-account-template | oc apply -f -
error: template "logging-deployer-account-template" could not be found
error: no objects passed to apply
# oc process logging-deployer-account-template -n openshift | oc apply -f -
serviceaccount "logging-deployer" configured
serviceaccount "aggregated-logging-kibana" configured
serviceaccount "aggregated-logging-elasticsearch" configured
serviceaccount "aggregated-logging-fluentd" configured
serviceaccount "aggregated-logging-curator" configured
clusterrole "oauth-editor" configured
clusterrole "daemonset-admin" configured
Error from server: RoleBinding "logging-deployer-edit-role" is invalid: roleRef: Invalid value: {"kind":"ClusterRole","name":"edit"}: cannot change roleRef
Error from server: RoleBinding "logging-deployer-dsadmin-role" is invalid: roleRef: Invalid value: {"kind":"ClusterRole","name":"daemonset-admin"}: cannot change roleRef


Suggestions for improvement: 

Adjust the item #3 upgrade command so that is does not give end users errors when running it as is from the documentation.

Additional information:

Comment 1 Takeshi Larsson 2017-02-03 13:37:52 UTC
Another comment, not sure if it should be a new BZ, but the 4th step..

# oadm policy add-cluster-role-to-user rolebinding-reader \
     system:serviceaccount:logging:aggregated-logging-elasticsearch

refers to a non-existent clusterrole. The logging-deployer-account-template does not create this clusterrole.

Version of OCP: atomic-openshift-3.4.1.2-1.git.0.d760092.el7.x86_64

Comment 2 Eric Jones 2017-02-21 22:51:05 UTC
Hi @Takeshi, to be safe I went ahead and separated out the issue and logged a new bug just for that cluster role not existing:
https://bugzilla.redhat.com/show_bug.cgi?id=1425621

Comment 3 Takeshi Larsson 2017-02-22 05:57:54 UTC
Ah.. Thank you Eric.

(In reply to Eric Jones from comment #2)
> Hi @Takeshi, to be safe I went ahead and separated out the issue and logged
> a new bug just for that cluster role not existing:
> https://bugzilla.redhat.com/show_bug.cgi?id=1425621


Note You need to log in before you can comment on or make changes to this bug.