Failed install CDP Data Services on OCP platform when using Embedded Vault

New Contributor

I'm trying to deploy CDP Data Services on a Dedicated OCP Platform and am facing a problem with Vault permissions. I'm already using the root token to deploy.

Installation logs:

2024/11/12 15:45:34 Vault created at the end point: 'vault-cdp-vault.apps.poc.xplat
2024/11/12 15:45:34 Trying to reach OpenShift API server :
2024/11/12 15:45:34 => 200 OK
2024/11/12 15:45:34 Get Vault Status.
2024/11/12 15:45:35 Vault is unintialized. Trying to initalize.
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 Checking vault server health ...
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 Vault server is initialized.
2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir.
2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir Completed.
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 {
    "initialized": true,
    "sealed": false,
    "standby": false,
    "performance_standby": false,
    "replication_performance_mode": "disabled",
    "replication_dr_mode": "disabled",
    "server_time_utc": 1731401153,
    "version": "1.15.2",
    "cluster_name": "vault-cluster-b98f1203",
    "cluster_id": "fb6bc569-be1d-23a7-1671-8eb26fceecce"
}
2024/11/12 15:45:35 Enabling kv-v2 secrets engine at 'secret'.
2024/11/12 15:45:35 Check write operation.
2024/11/12 15:45:35 Check read operation.
2024/11/12 15:45:35 {
    "data": {
        "testdata": "test"
    },
    "metadata": {
        "created_time": "2024-11-12T08:45:53.720092771Z",
        "custom_metadata": null,
        "deletion_time": "",
        "destroyed": false,
        "version": 1
    }
}
2024/11/12 15:45:35 Vault server installation complete.
clusterrole.rbac.authorization.k8s.io/system:auth-delegator added: "vault-auth"
2024/11/12 15:45:36 Enabling kv-v2 secrets engine at 'kv'.
secret/vault-unseal-key created
2024/11/12 15:45:36 Enabling kubernetes Auth method at path: cdp
secret/vault-kubernetes-auth-config created
2024/11/12 15:45:37 Creating vault policy for admin user and corresponding role.
2024/11/12 15:45:37 creating vault policy : cloudera-cdp-admin
2024/11/12 15:45:37 Vault policy created for project cdp
2024/11/12 15:45:37 Configuring Auth method.
2024/11/12 15:45:37 Kubernetes Auth and role configured for project cdp.
2024/11/12 15:45:37 Vault login and write/read operation.
2024/11/12 15:45:38 Validate login with kubernetes jwt.
2024/11/12 15:45:38 -----------------
goroutine 1 [running]:
runtime/debug.Stack()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:16 +0x19
main.check({0x194de80, 0xc0006b0240?})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/utils.go:36 +0xca
main.vaultLogin(0xc0001e23c0, {0xc0006bd400, 0x4d3}, {0x7ffcca41c71f, 0x3}, {0xc000244ae8, 0x8})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:659 +0x1dc
main.testVaultLoginAndWrite(, {, _}, {{0xc00063e450, 0x2d}, {0x7ffcca41c71f, 0x3}, {0x171f63d, 0x2}, {0x171f681, ...}, ...})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:692 +0xd9
main.(*CdpInstaller).executeEmbeddedVaultFlow(0xc0004b3e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:154 +0x570
main.(*CdpInstaller).executeVaultFlow(0xc000305e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:1013 +0x85
main.(*CdpInstaller).installControlPlane(0xc000305e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:558 +0x1b9
main.main()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/main.go:26 +0xde
2024/11/12 15:45:38 -----------------
2024/11/12 15:45:38 Error making API request.
 
Code: 403. Errors:
 
* permission denied
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 Report workflow status:
2024/11/12 15:45:38 {
  "WorkflowStatusArray": [
    {
      "WorkflowName": "Initialize Global Trust Store",
      "StartedAt": "2024-11-12T15:44:32.466343317+07:00",
      "EndedAt": "2024-11-12T15:44:37.932939576+07:00",
      "Interval": "5.466596 seconds",
      "HasFinished": true,
      "Message": ""
    },
    {
      "WorkflowName": "Validate pre-install requirements",
      "StartedAt": "2024-11-12T15:44:59.864130489+07:00",
      "EndedAt": "2024-11-12T15:45:00.098444015+07:00",
      "Interval": "0.234314 seconds",
      "HasFinished": true,
      "Message": ""
    },
    {
      "WorkflowName": "Execute vault flow",
      "StartedAt": "2024-11-12T15:45:13.765455351+07:00",
      "EndedAt": "0001-01-01T00:00:00Z",
      "Interval": "",
      "HasFinished": false,
      "Message": ""
    }
  ],
  "AllFlowsSucceeded": false
}
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 Did all workflows succeed?
2024/11/12 15:45:38 false
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 There are failed work flows. Print the last 50 lines of kubernetes events in namespace: cdp
 
2024/11/12 15:45:38 =========================================================================================
INFO: Associating service account drs-admin with anyuid scc

Community Manager

@lmn247, Welcome to our community! To help you get the best possible answer, I have tagged in our CDP experts @rki_ @shehbazk, who may be able to assist you further.

Please feel free to provide any additional information or details about your query. We hope that you will find a satisfactory solution to your question.



Regards,

Vidya Sargur,
Community Manager

