User system:anonymous cannot get clusternetworks at the cluster scope - OpenShift
Issue
- Install fails at "Start and Enable Node"
TASK [openshift_node : Start and enable node] **********************************
fatal: [node.example.com]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service atomic-openshift-node: Job for atomic-openshift-node.service failed because the control process exited with error code. See \"systemctl status atomic-openshift-node.service\" and \"journalctl -xe\" for details.\n"}
- Testing curling produces error
root:>curl -v --cacert /etc/origin/master/ca-bundle.crt https://ose-console.example.com:8443/oapi/v1/clusternetworks/default
* Hostname was NOT found in DNS cache
* Trying 192.168.197.33...
* Connected to ose-console.example.com (192.168.197.33) port 8443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/origin/master/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES128-SHA
* Server certificate:
* subject: CN=10.250.0.1
* start date: 2016-10-31 15:09:42 GMT
* expire date: 2018-10-31 15:09:43 GMT
* subjectAltName: ose-console.example.com matched
* issuer: CN=openshift-signer@1477926573
* SSL certificate verify ok.
> GET /oapi/v1/clusternetworks/default HTTP/1.1
> User-Agent: curl/7.39.0
> Host: ose-console.example.com:8443
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Cache-Control: no-store
< Content-Type: application/json
< Date: Mon, 31 Oct 2016 17:51:40 GMT
< Content-Length: 289
<
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot get clusternetworks at the cluster scope",
"reason": "Forbidden",
"details": {
"name": "default",
"kind": "clusternetworks"
},
"code": 403
}
* Connection #0 to host ose-console.example.com left intact
Environment
- Red Hat OpenShift Container Platform
- 3.3.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.