-
Bug
-
Resolution: Done
-
Major
-
Logging 5.0.6
-
False
-
False
-
NEW
-
VERIFIED
-
Before this update, an issue with the `ServiceAccount` permissions caused errors like `no permissions for [indices:admin/aliases/get]`. With this update, a permission fix resolves the issue.
-
###[Description of problem]
Index management cronjobs are failing with error:
~~~
2021-06-24T09:15:08.090393695Z Error while attemping to determine the active write alias: {'error': {'root_cause': [
], 'type': 'security_exception', 'reason': 'no permissions for [indices:admin/aliases/get] and User [name=system:serviceaccount:openshift-logging:elasticsearch, roles=[admin_reader], requestedTenant=null]'}, 'status': 403}
~~~
It was reviewed that the SA elasticsearch used to run the cronjobs has not assigned extra clusterroles or roles.Version-Release number of selected component (if applicable):
OCP 4.7
Logging 5.0.6.40
###Actual results:
Index management cronjobs are failing each execution and not able to manage the deletion/rollover of the indices
###Expected results:
Index management cronjobs are able to manage the deletion/rollover of the indices
NOTE:
- the indices must be deleted by hand to don't get the storage full continually. Could we have any workaround on this meanwhile bug is fixed?
- Not clusterrole or role was added to the SA elasticsearch that runs the cronjobs
- links to
