User system:anonymous cannot get clusternetworks at the cluster scope - OpenShift

Solution In Progress - Updated -

Issue

  • Install fails at "Start and Enable Node"
TASK [openshift_node : Start and enable node] **********************************
fatal: [node.example.com]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service atomic-openshift-node: Job for atomic-openshift-node.service failed because the control process exited with error code. See \"systemctl status atomic-openshift-node.service\" and \"journalctl -xe\" for details.\n"}
  • Testing with curl produces an error
root:>curl -v --cacert /etc/origin/master/ca-bundle.crt https://ose-console.example.com:8443/oapi/v1/clusternetworks/default
* Hostname was NOT found in DNS cache
*   Trying 192.168.197.33...
* Connected to ose-console.example.com (192.168.197.33) port 8443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/origin/master/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES128-SHA
* Server certificate:
*        subject: CN=10.250.0.1
*        start date: 2016-10-31 15:09:42 GMT
*        expire date: 2018-10-31 15:09:43 GMT
*        subjectAltName: ose-console.example.com matched
*        issuer: CN=openshift-signer@1477926573
*        SSL certificate verify ok.
> GET /oapi/v1/clusternetworks/default HTTP/1.1
> User-Agent: curl/7.39.0
> Host: ose-console.example.com:8443
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Cache-Control: no-store
< Content-Type: application/json
< Date: Mon, 31 Oct 2016 17:51:40 GMT
< Content-Length: 289
<
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "User \"system:anonymous\" cannot get clusternetworks at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "name": "default",
    "kind": "clusternetworks"
  },
  "code": 403
}
* Connection #0 to host ose-console.example.com left intact

Environment

  • Red Hat OpenShift Container Platform
    • 3.3.0
