Bug 1814172 - [ovirt] Cannot run openshift-install as a non-root user
Summary: [ovirt] Cannot run openshift-install as a non-root user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.4
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
: 4.5.0
Assignee: Roy Golan
QA Contact: Jan Zmeskal
URL:
Whiteboard:
Depends On:
Blocks: 1820492 OCPRHV-198
TreeView+ depends on / blocked
 
Reported: 2020-03-17 09:24 UTC by Jan Zmeskal
Modified: 2020-08-04 18:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1820492 (view as bug list)
Environment:
Last Closed: 2020-08-04 18:05:41 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3369 0 None closed Bug 1814172: [ovirt] Cannot run openshift-install as a non-root user 2021-01-18 17:10:31 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-08-04 18:05:45 UTC

Description Jan Zmeskal 2020-03-17 09:24:55 UTC
Description of problem:
When running openshift-install create cluster as a non-root user on linux, the installation fails with permission denied.

Version-Release number of the following components:
openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024

How reproducible:
100 %

Steps to Reproduce:
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ whoami
jan
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ echo $HOME
/home/jan
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ rm -rf ~/.ovirt
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ rm -rf ./test-cluster/
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ls -la
total 346284
drwxr-xr-x.  2 jan jan      4096 Mar 17 10:14 .
drwxr-xr-x. 14 jan jan     12288 Mar 17 07:45 ..
-rwxr-xr-x.  1 jan jan 354574336 Mar 13 06:28 openshift-install
-rw-r--r--.  1 jan jan       706 Mar 13 06:28 README.md
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ mkdir test-cluster
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ls -l test-cluster
total 0
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ls -ld test-cluster
drwxrwxr-x. 2 jan jan 4096 Mar 17 10:14 test-cluster
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ./openshift-install create cluster --dir=test-cluster
? SSH Public Key /home/jan/.ssh/id_rsa.pub
? Platform ovirt
? Enter oVirt's api endpoint URL https://<my_engine_fqdn>/ovirt-engine/api
? Is the installed oVirt certificate trusted? No
? Enter ovirt-engine username admin@internal
? Enter password ******
? Select the oVirt cluster golden_env_mixed_1
? Select the oVirt storage domain nfs_0
? Select the oVirt network ovirtmgmt
? Enter the internal API Virtual IP 10.0.0.1
? Enter the internal DNS Virtual IP 10.0.0.2
? Enter the ingress IP  10.0.0.3
? Base Domain ocp.org
? Cluster Name ocp
? Pull Secret [? for help] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "Master Machines": failed to generate asset "Platform Credentials Check": getting ovirt configuration: open /home/jan/.ovirt/ovirt-config.yaml: permission denied 
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ls -ld /home/jan/.ovirt/
d-w-rwxr--. 2 jan jan 4096 Mar 17 10:15 /home/jan/.ovirt/
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ ls -l /home/jan/.ovirt/ovirt-config.yaml
ls: cannot access '/home/jan/.ovirt/ovirt-config.yaml': Permission denied
[jan@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]$ sudo su
[root@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]# ls -l /home/jan/.ovirt/ovirt-config.yaml
ls: cannot access '/home/jan/.ovirt/ovirt-config.yaml': No such file or directory
[root@localhost openshift-install-linux-4.4.0-0.nightly-2020-03-16-034024]# ls -l /home/jan/.ovirt/
total 0

Actual results:
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "Master Machines": failed to generate asset "Platform Credentials Check": getting ovirt configuration: open /home/jan/.ovirt/ovirt-config.yaml: permission denied 

Expected results:
As far as I know there's no reason openshift-install could not be executed as a non-root user, so we should allow for it.

Comment 4 Jan Zmeskal 2020-05-11 14:31:16 UTC
Verified with: openshift-install-mac-4.5.0-0.nightly-2020-05-11-032504

Verification steps:
Running the whole IPI installation as a non-root user.

Comment 6 errata-xmlrpc 2020-08-04 18:05:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5 image release advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.