Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-1896

[CORS-2260] "create install-config" got error 'credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode'

XMLWordPrintable

    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, when you installed {product-title} on {GCP}, you would receive an error message that indicated environmental authentication checks on `credentialsMode` parameter values in the `install-config.yaml` file of the Cloud Credential Operator (CCO) failed.

      For {product-title} {product-version}, you can resolve this issue by setting the `credentialsMode` parameter for the CCO to `Manual`, which is a mode that is recognized by the environmental authentication mechanism.

      (link:https://issues.redhat.com/browse/OCPBUGS-1896[*OCPBUGS-1896*])
      Show
      Previously, when you installed {product-title} on {GCP}, you would receive an error message that indicated environmental authentication checks on `credentialsMode` parameter values in the `install-config.yaml` file of the Cloud Credential Operator (CCO) failed. For {product-title} {product-version}, you can resolve this issue by setting the `credentialsMode` parameter for the CCO to `Manual`, which is a mode that is recognized by the environmental authentication mechanism. (link: https://issues.redhat.com/browse/OCPBUGS-1896 [* OCPBUGS-1896 *])
    • Bug Fix
    • Done

      Description of problem:

      failed even trying to "create install-config" in the epic's scenario

      Version-Release number of selected component (if applicable):

      $ ./openshift-install version
./openshift-install 4.12.0-0.nightly-2022-09-28-204419
built from commit 9eb0224926982cdd6cae53b872326292133e532d
release image registry.ci.openshift.org/ocp/release@sha256:2c8e617830f84ac1ee1bfcc3581010dec4ae5d9cad7a54271574e8d91ef5ecbc
release architecture amd64

      How reproducible:

      Always

      Steps to Reproduce:

      1. create vpc network, subnets, and a firewall-rule to allow ssh access to the bastion host
2. create the bastion host, with setting a valid service-account and scopes of "https://www.googleapis.com/auth/cloud-platform"
3. scp pull secret to the bastion host
4. ssh to the bastion host (subsequent steps would be on the bastion host, except told explicitly)
5. get "oc", e.g. curl https://mirror2.openshift.com/pub/openshift-v4/clients/ocp/4.9.9/openshift-client-linux-4.9.9.tar.gz -o openshift-client-linux-4.9.9.tar.gz; tar zxvf openshift-client-linux-4.9.9.tar.gz
6. obtain the installation program
7. try "create install-config" of platform "gcp"

      Actual results:

      [cloud-user@jiwei-0930-02-rhel8-mirror ~]$ ./openshift-install create install-config --dir work                                         
? SSH Public Key /home/cloud-user/.ssh/id_rsa.pub                                                                                       
? Platform gcp                                                                                                                          
INFO Credentials loaded from gcloud CLI defaults                                                                                        
? Project ID OpenShift QE Shared VPC (openshift-qe-shared-vpc)                                                                          
? Region us-west1                                                                                                                       
? Base Domain qe-shared-vpc.qe.gcp.devcluster.openshift.com                                                                             
? Cluster Name jiwei-0930-03                                                                                                            
? Pull Secret [? for help] ******
FATAL failed to fetch Install Config: failed to generate asset "Install Config": credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode 
[cloud-user@jiwei-0930-02-rhel8-mirror ~]$ 

      Expected results:

      "create install-config" should succeed.

      Additional info:

       

       

       

       

       

              rh-ee-bbarbach Brent Barbachem
              rhn-support-jiwei Jianli Wei
              Jianli Wei Jianli Wei
              Darragh Fitzmaurice Darragh Fitzmaurice
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: