Bug 1550018 - The ServiceAccount 'aggregated-logging-fluentd' is not a cluster-reader in the 'logging' project
Summary: The ServiceAccount 'aggregated-logging-fluentd' is not a cluster-reader in th...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 3.9.z
Assignee: Jan Wozniak
QA Contact: Anping Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-28 10:17 UTC by Anping Li
Modified: 2018-05-17 06:43 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2018-05-17 06:42:42 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift origin pull 18641 None None None 2018-02-28 14:44:28 UTC
Red Hat Product Errata RHBA-2018:1566 None None None 2018-05-17 06:43:24 UTC

Description Anping Li 2018-02-28 10:17:35 UTC
Description of problem:
oc adm  diagnostics aggregatedlogging always report ServiceAccount error. 

The PR https://github.com/openshift/origin/pull/18641 have been submit to fix this error.

That bug is opened to trace this PR.



Version-Release number of selected component (if applicable):
diagnostics

How reproducible:
always

Steps to Reproduce:
1.oc adm  diagnostics aggregatedlogging 
2.
3.

Actual results:

[root@ip-172-18-15-253 ~]# oc adm  diagnostics aggregatedlogging
[Note] Determining if client configuration exists for client/cluster diagnostics
Info:  Successfully read a client config file at '/root/.kube/config'
Info:  Using context for cluster-admin access: 'logging/ec2-54-175-52-207-compute-1-amazonaws-com:443/system:admin'

[Note] Running diagnostic: AggregatedLogging
       Description: Check aggregated logging integration for proper configuration
       
ERROR: [AGL0610 from diagnostic AggregatedLogging@openshift/origin/pkg/oc/admin/diagnostics/diagnostics/cluster/aggregated_logging/diagnostic.go:129]
       The ServiceAccount 'aggregated-logging-fluentd' is not a cluster-reader in the 'logging' project.  This
       is required to enable Fluentd to look up pod metadata for the logs it gathers.
       As a user with a cluster-admin role, you can grant the permissions by running
       the following:
       
         $ oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
       
Info:  Did not find a DeploymentConfig to support optional component 'mux'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Looked for 'logging-mux' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
[Note] Summary of diagnostics execution (version v3.9.0-0.53.0):
[Note] Errors seen: 1

Expected results:


Additional info:

Comment 1 Rich Megginson 2018-02-28 14:29:54 UTC
This was moved to logging.  If fluentd is working, I fail to see how this is a problem with logging.  This looks like a false positive from the health checker.

Please confirm - if fluentd is working, please move this back to Command Line Interface, as a false positive.

Comment 4 Anping Li 2018-04-17 03:41:01 UTC
Verified and pass using v3.9.22

[root@host3-ha-master-1 ~]# oc adm  diagnostics aggregatedlogging --logging-project=logging
[Note] Determining if client configuration exists for client/cluster diagnostics
Info:  Successfully read a client config file at '/root/.kube/config'
Info:  Using context for cluster-admin access: 'logging/192-168-1-223:8443/system:admin'

[Note] Running diagnostic: AggregatedLogging
       Description: Check aggregated logging integration for proper configuration
       
Info:  Did not find a DeploymentConfig to support optional component 'curator-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'es-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'kibana-ops'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Did not find a DeploymentConfig to support optional component 'mux'. If you require
       this component, please re-install or update logging and specify the appropriate
       variable to enable it.
       
Info:  Looked for 'logging-es-ops' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-es-ops-cluster' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-kibana-ops' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
Info:  Looked for 'logging-mux' among the logging services for the project but did not find it.
       This optional component may not have been specified by logging install options.
       
[Note] Summary of diagnostics execution (version v3.9.22):
[Note] Completed with no errors or warnings seen.

Comment 8 errata-xmlrpc 2018-05-17 06:42:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1566


Note You need to log in before you can comment on or make changes to this bug.