1416117 – Errors when following the "Upgrading the EFK Logging Stack" Manual Upgrade Procedure in Documentation

Bug 1416117 - Errors when following the "Upgrading the EFK Logging Stack" Manual Upgrade Procedure in Documentation

Summary: Errors when following the "Upgrading the EFK Logging Stack" Manual Upgrade Pr...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Vikram Goyal
QA Contact:	Vikram Goyal
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-24 15:59 UTC by Nick Schuetz
Modified:	2019-08-10 06:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-08-10 06:46:00 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nick Schuetz 2017-01-24 15:59:26 UTC

Document URL: 

https://docs.openshift.com/container-platform/3.3/install_config/upgrading/manual_upgrades.html#manual-upgrading-efk-logging-stack

Section Number and Name: 

Upgrading the EFK Logging Stack


Describe the issue: 

# oc project logging
Now using project "logging" on server "https://master.example.com:8443".
# oc apply -n openshift -f \
>     /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml
template "logging-deployer-account-template" configured
template "logging-deployer-template" configured
# oc process logging-deployer-account-template | oc apply -f -
error: template "logging-deployer-account-template" could not be found
error: no objects passed to apply
# oc process logging-deployer-account-template -n openshift | oc apply -f -
serviceaccount "logging-deployer" configured
serviceaccount "aggregated-logging-kibana" configured
serviceaccount "aggregated-logging-elasticsearch" configured
serviceaccount "aggregated-logging-fluentd" configured
serviceaccount "aggregated-logging-curator" configured
clusterrole "oauth-editor" configured
clusterrole "daemonset-admin" configured
Error from server: RoleBinding "logging-deployer-edit-role" is invalid: roleRef: Invalid value: {"kind":"ClusterRole","name":"edit"}: cannot change roleRef
Error from server: RoleBinding "logging-deployer-dsadmin-role" is invalid: roleRef: Invalid value: {"kind":"ClusterRole","name":"daemonset-admin"}: cannot change roleRef


Suggestions for improvement: 

Adjust the item #3 upgrade command so that is does not give end users errors when running it as is from the documentation.

Additional information:

Comment 1 Takeshi Larsson 2017-02-03 13:37:52 UTC

Another comment, not sure if it should be a new BZ, but the 4th step..

# oadm policy add-cluster-role-to-user rolebinding-reader \
     system:serviceaccount:logging:aggregated-logging-elasticsearch

refers to a non-existent clusterrole. The logging-deployer-account-template does not create this clusterrole.

Version of OCP: atomic-openshift-3.4.1.2-1.git.0.d760092.el7.x86_64

Comment 2 Eric Jones 2017-02-21 22:51:05 UTC

Hi @Takeshi, to be safe I went ahead and separated out the issue and logged a new bug just for that cluster role not existing:
https://bugzilla.redhat.com/show_bug.cgi?id=1425621

Comment 3 Takeshi Larsson 2017-02-22 05:57:54 UTC

Ah.. Thank you Eric.

(In reply to Eric Jones from comment #2)
> Hi @Takeshi, to be safe I went ahead and separated out the issue and logged
> a new bug just for that cluster role not existing:
> https://bugzilla.redhat.com/show_bug.cgi?id=1425621

Note You need to log in before you can comment on or make changes to this bug.