I'm trying to deploy CDP Data Services on a Dedicated OCP Platform and am facing a problem with Vault permission. I'm already using the root token to deploy.
Installation logs:
2024/11/12 15:45:34 Vault created at the end point: 'vault-cdp-vault.apps.poc.xplat
2024/11/12 15:45:34 Trying to reach OpenShift API server :
2024/11/12 15:45:34 => 200 OK
2024/11/12 15:45:34 Get Vault Status.
2024/11/12 15:45:35 Vault is unintialized. Trying to initalize.
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 Checking vault server health ...
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 Vault server is initialized.
2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir.
2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir Completed.
2024/11/12 15:45:35 Get Vault Status.
2024/11/12 15:45:35 {
"initialized": true,
"sealed": false,
"standby": false,
"performance_standby": false,
"replication_performance_mode": "disabled",
"replication_dr_mode": "disabled",
"server_time_utc": 1731401153,
"version": "1.15.2",
"cluster_name": "vault-cluster-b98f1203",
"cluster_id": "fb6bc569-be1d-23a7-1671-8eb26fceecce"
}
2024/11/12 15:45:35 Enabling kv-v2 secrets engine at 'secret'.
2024/11/12 15:45:35 Check write operation.
2024/11/12 15:45:35 Check read operation.
2024/11/12 15:45:35 {
"data": {
"testdata": "test"
},
"metadata": {
"created_time": "2024-11-12T08:45:53.720092771Z",
"custom_metadata": null,
"deletion_time": "",
"destroyed": false,
"version": 1
}
}
2024/11/12 15:45:35 Vault server installation complete.
clusterrole.rbac.authorization.k8s.io/system:auth-delegator added: "vault-auth"
2024/11/12 15:45:36 Enabling kv-v2 secrets engine at 'kv'.
secret/vault-unseal-key created
2024/11/12 15:45:36 Enabling kubernetes Auth method at path: cdp
secret/vault-kubernetes-auth-config created
2024/11/12 15:45:37 Creating vault policy for admin user and corresponding role.
2024/11/12 15:45:37 creating vault policy : cloudera-cdp-admin
2024/11/12 15:45:37 Vault policy created for project cdp
2024/11/12 15:45:37 Configuring Auth method.
2024/11/12 15:45:37 Kubernetes Auth and role configured for project cdp.
2024/11/12 15:45:37 Vault login and write/read operation.
2024/11/12 15:45:38 Validate login with kubernetes jwt.
2024/11/12 15:45:38 -----------------
goroutine 1 [running]:
runtime/debug.Stack()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:16 +0x19
main.check({0x194de80, 0xc0006b0240?})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/utils.go:36 +0xca
main.vaultLogin(0xc0001e23c0, {0xc0006bd400, 0x4d3}, {0x7ffcca41c71f, 0x3}, {0xc000244ae8, 0x8})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:659 +0x1dc
main.testVaultLoginAndWrite(, {, _}, {{0xc00063e450, 0x2d}, {0x7ffcca41c71f, 0x3}, {0x171f63d, 0x2}, {0x171f681, ...}, ...})
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:692 +0xd9
main.(*CdpInstaller).executeEmbeddedVaultFlow(0xc0004b3e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:154 +0x570
main.(*CdpInstaller).executeVaultFlow(0xc000305e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:1013 +0x85
main.(*CdpInstaller).installControlPlane(0xc000305e28)
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:558 +0x1b9
main.main()
/grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/main.go:26 +0xde
2024/11/12 15:45:38 -----------------
2024/11/12 15:45:38 Error making API request.
Code: 403. Errors:
* permission denied
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 Report workflow status:
2024/11/12 15:45:38 {
"WorkflowStatusArray": [
{
"WorkflowName": "Initialize Global Trust Store",
"StartedAt": "2024-11-12T15:44:32.466343317+07:00",
"EndedAt": "2024-11-12T15:44:37.932939576+07:00",
"Interval": "5.466596 seconds",
"HasFinished": true,
"Message": ""
},
{
"WorkflowName": "Validate pre-install requirements",
"StartedAt": "2024-11-12T15:44:59.864130489+07:00",
"EndedAt": "2024-11-12T15:45:00.098444015+07:00",
"Interval": "0.234314 seconds",
"HasFinished": true,
"Message": ""
},
{
"WorkflowName": "Execute vault flow",
"StartedAt": "2024-11-12T15:45:13.765455351+07:00",
"EndedAt": "0001-01-01T00:00:00Z",
"Interval": "",
"HasFinished": false,
"Message": ""
}
],
"AllFlowsSucceeded": false
}
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 Did all workflows succeed?
2024/11/12 15:45:38 false
2024/11/12 15:45:38 =========================================================================================
2024/11/12 15:45:38 There are failed work flows. Print the last 50 lines of kubernetes events in namespace: cdp
2024/11/12 15:45:38 =========================================================================================
INFO: Associating service account drs-admin with anyuid scc