Cloudera Community
lmn247
user rank
New Contributor

Failed install CDP Data Services on OCP platform w...

by New Contributor in Support Questions
‎11-12-2024 01:39 AM
1 Kudo
‎11-12-2024 01:39 AM
1 Kudo
I'm trying to deploy CDP Data Services on Dedicated OCP Platform and facing problem with Vault permission. I've already using root token to deploy. Installation's logs: 2024/11/12 15:45:34 Vault created at the end point: 'vault-cdp-vault.apps.poc.xplat 2024/11/12 15:45:34 Trying to reach OpenShift API server : 2024/11/12 15:45:34 => 200 OK 2024/11/12 15:45:34 Get Vault Status. 2024/11/12 15:45:35 Vault is unintialized. Trying to initalize. 2024/11/12 15:45:35 Get Vault Status. 2024/11/12 15:45:35 Checking vault server health ... 2024/11/12 15:45:35 Get Vault Status. 2024/11/12 15:45:35 Vault server is initialized. 2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir. 2024/11/12 15:45:35 Unseal vault server with Seal Type : shamir Completed. 2024/11/12 15:45:35 Get Vault Status. 2024/11/12 15:45:35 {     "initialized": true,     "sealed": false,     "standby": false,     "performance_standby": false,     "replication_performance_mode": "disabled",     "replication_dr_mode": "disabled",     "server_time_utc": 1731401153,     "version": "1.15.2",     "cluster_name": "vault-cluster-b98f1203",     "cluster_id": "fb6bc569-be1d-23a7-1671-8eb26fceecce" } 2024/11/12 15:45:35 Enabling kv-v2 secrets engine at 'secret'. 2024/11/12 15:45:35 Check write operation. 2024/11/12 15:45:35 Check read operation. 2024/11/12 15:45:35 {     "data": {         "testdata": "test"     },     "metadata": {         "created_time": "2024-11-12T08:45:53.720092771Z",         "custom_metadata": null,         "deletion_time": "",         "destroyed": false,         "version": 1     } } 2024/11/12 15:45:35 Vault server installation complete. clusterrole.rbac.authorization.k8s.io/system:auth-delegator added: "vault-auth" 2024/11/12 15:45:36 Enabling kv-v2 secrets engine at 'kv'. secret/vault-unseal-key created 2024/11/12 15:45:36 Enabling kubernetes Auth method at path: cdp secret/vault-kubernetes-auth-config created 2024/11/12 15:45:37 Creating vault policy for admin user and corresponding role. 2024/11/12 15:45:37 creating vault policy : cloudera-cdp-admin 2024/11/12 15:45:37 Vault policy created for project cdp 2024/11/12 15:45:37 Configuring Auth method. 2024/11/12 15:45:37 Kubernetes Auth and role configured for project cdp. 2024/11/12 15:45:37 Vault login and write/read operation. 2024/11/12 15:45:38 Validate login with kubernetes jwt. 2024/11/12 15:45:38 ----------------- goroutine 1 [running]: runtime/debug.Stack() /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:24 +0x65 runtime/debug.PrintStack() /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/thirdparty/go/src/runtime/debug/stack.go:16 +0x19 main.check({0x194de80, 0xc0006b0240?}) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/utils.go:36 +0xca main.vaultLogin(0xc0001e23c0, {0xc0006bd400, 0x4d3}, {0x7ffcca41c71f, 0x3}, {0xc000244ae8, 0x8}) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:659 +0x1dc main.testVaultLoginAndWrite(, {, _}, {{0xc00063e450, 0x2d}, {0x7ffcca41c71f, 0x3}, {0x171f63d, 0x2}, {0x171f681, ...}, ...}) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:692 +0xd9 main.(*CdpInstaller).executeEmbeddedVaultFlow(0xc0004b3e28) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/vaultUtils.go:154 +0x570 main.(*CdpInstaller).executeVaultFlow(0xc000305e28) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:1013 +0x85 main.(*CdpInstaller).installControlPlane(0xc000305e28) /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/helm-install-all.go:558 +0x1b9 main.main() /grid/0/jenkins/workspace/workspace/App_builds_redhat8/SOURCES/cdp-private/src/go/main.go:26 +0xde 2024/11/12 15:45:38 ----------------- 2024/11/12 15:45:38 Error making API request.   URL: PUT https://vault-cdp-vault.apps.poc.xplat/v1/auth/cdp/login Code: 403. Errors:   * permission denied 2024/11/12 15:45:38 ========================================================================================= 2024/11/12 15:45:38 Report workflow status: 2024/11/12 15:45:38 {   "WorkflowStatusArray": [     {       "WorkflowName": "Initialize Global Trust Store",       "StartedAt": "2024-11-12T15:44:32.466343317+07:00",       "EndedAt": "2024-11-12T15:44:37.932939576+07:00",       "Interval": "5.466596 seconds",       "HasFinished": true,       "Message": ""     },     {       "WorkflowName": "Validate pre-install requirements",       "StartedAt": "2024-11-12T15:44:59.864130489+07:00",       "EndedAt": "2024-11-12T15:45:00.098444015+07:00",       "Interval": "0.234314 seconds",       "HasFinished": true,       "Message": ""     },     {       "WorkflowName": "Execute vault flow",       "StartedAt": "2024-11-12T15:45:13.765455351+07:00",       "EndedAt": "0001-01-01T00:00:00Z",       "Interval": "",       "HasFinished": false,       "Message": ""     }   ],   "AllFlowsSucceeded": false } 2024/11/12 15:45:38 ========================================================================================= 2024/11/12 15:45:38 Did all workflows succeed? 2024/11/12 15:45:38 false 2024/11/12 15:45:38 ========================================================================================= 2024/11/12 15:45:38 There are failed work flows. Print the last 50 lines of kubernetes events in namespace: cdp   2024/11/12 15:45:38 ========================================================================================= INFO: Associating service account drs-admin with anyuid scc ... View more
Contact Me
Online
Offline
Last Visited
‎11-15-2024 05:46 AM
Community Statistics
Member Since ‎10-09-2024 02:38 AM
Last Visited ‎11-15-2024 05:46 AM
Posts 1
Kudos received 1