Bug 1876844 - Include more details around the users required to pull the auth token
Summary: Include more details around the users required to pull the auth token
Keywords:
Status: MODIFIED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.6
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
: 4.6.0
Assignee: Max Bridges
QA Contact: weiwei jiang
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-08 10:31 UTC by Jatan Malde
Modified: 2020-11-10 09:59 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 4236 0 None closed Bug 1876844: openstack UPI: Ignition token needs Glance access 2020-12-10 00:07:01 UTC

Description Jatan Malde 2020-09-08 10:31:23 UTC
Document URL: 

https://docs.openshift.com/container-platform/4.6/installing/installing_openstack/installing-openstack-user.html#installation-osp-converting-ignition-resources_installing-openstack-user

Section Number and Name: 

Generate an auth token and save the token ID

Describe the issue: 

The above step 6 mentions creation of the auth token but does not specifies which user's token should be used. The above step 6 needs more clarity as the installation starts and fails with the bootstrap ignition not reachable by the machine. 

Suggestions for improvement: 

Please include more clarity on which user should be used to fetch the tokens while creating the next ignition for the bootstrap machine as part of step 7.

Additional information:

Comment 1 Max Bridges 2020-09-28 19:38:54 UTC
> Please include more clarity on which user should be used to fetch the tokens while creating the next ignition for the bootstrap machine as part of step 7.

Any comments, here, @pprinett? I don't recall this being a problem in the past, so I'm not sure if it's a doc issue or if something's changed.

Comment 2 Pierre Prinetti 2020-10-02 09:07:59 UTC
I have added a note in the upstream documentation indicating what privileges are required for generating the token.

This is the script I use to upload the Ignition shim and get its URL (requires Bash v4+, jq, python-openstackclient):

```
INFRA_ID='<must be set>'

bootstrap_ignition_image_id="$(openstack image create -f value -c id --disk-format=raw --container-format=bare --file bootstrap.ign "$INFRA_ID-bootstrap-ignition")"

bootstrap_ignition_url="$(openstack catalog show image -f json | jq -r '.endpoints | map(select(.interface == "public"))[0].url')/v2/images/${bootstrap_ignition_image_id}/file"

```

Comment 3 Max Bridges 2020-10-02 13:09:38 UTC
Thanks! I'll take a look.


Note You need to log in before you can comment on or make changes to this bug.