Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-1896

[CORS-2260] "create install-config" got error 'credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode'

XMLWordPrintable

    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, when you installed {product-title} on {GCP}, you would receive an error message that indicated environmental authentication checks on `credentialsMode` parameter values in the `install-config.yaml` file of the Cloud Credential Operator (CCO) failed.

      For {product-title} {product-version}, you can resolve this issue by setting the `credentialsMode` parameter for the CCO to `Manual`, which is a mode that is recognized by the environmental authentication mechanism.

      (link:https://issues.redhat.com/browse/OCPBUGS-1896[*OCPBUGS-1896*])
      Show
      Previously, when you installed {product-title} on {GCP}, you would receive an error message that indicated environmental authentication checks on `credentialsMode` parameter values in the `install-config.yaml` file of the Cloud Credential Operator (CCO) failed. For {product-title} {product-version}, you can resolve this issue by setting the `credentialsMode` parameter for the CCO to `Manual`, which is a mode that is recognized by the environmental authentication mechanism. (link: https://issues.redhat.com/browse/OCPBUGS-1896 [* OCPBUGS-1896 *])
    • Bug Fix
    • Done

      Description of problem:

      failed even trying to "create install-config" in the epic's scenario

      Version-Release number of selected component (if applicable):

      $ ./openshift-install version
      ./openshift-install 4.12.0-0.nightly-2022-09-28-204419
      built from commit 9eb0224926982cdd6cae53b872326292133e532d
      release image registry.ci.openshift.org/ocp/release@sha256:2c8e617830f84ac1ee1bfcc3581010dec4ae5d9cad7a54271574e8d91ef5ecbc
      release architecture amd64
      

      How reproducible:

      Always

      Steps to Reproduce:

      1. create vpc network, subnets, and a firewall-rule to allow ssh access to the bastion host
      2. create the bastion host, with setting a valid service-account and scopes of "https://www.googleapis.com/auth/cloud-platform"
      3. scp pull secret to the bastion host
      4. ssh to the bastion host (subsequent steps would be on the bastion host, except told explicitly)
      5. get "oc", e.g. curl https://mirror2.openshift.com/pub/openshift-v4/clients/ocp/4.9.9/openshift-client-linux-4.9.9.tar.gz -o openshift-client-linux-4.9.9.tar.gz; tar zxvf openshift-client-linux-4.9.9.tar.gz
      6. obtain the installation program
      7. try "create install-config" of platform "gcp" 

      Actual results:

      [cloud-user@jiwei-0930-02-rhel8-mirror ~]$ ./openshift-install create install-config --dir work                                         
      ? SSH Public Key /home/cloud-user/.ssh/id_rsa.pub                                                                                       
      ? Platform gcp                                                                                                                          
      INFO Credentials loaded from gcloud CLI defaults                                                                                        
      ? Project ID OpenShift QE Shared VPC (openshift-qe-shared-vpc)                                                                          
      ? Region us-west1                                                                                                                       
      ? Base Domain qe-shared-vpc.qe.gcp.devcluster.openshift.com                                                                             
      ? Cluster Name jiwei-0930-03                                                                                                            
      ? Pull Secret [? for help] ******
      FATAL failed to fetch Install Config: failed to generate asset "Install Config": credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode 
      [cloud-user@jiwei-0930-02-rhel8-mirror ~]$ 
      

      Expected results:

      "create install-config" should succeed.

      Additional info:

       

       

       

       

       

            rh-ee-bbarbach Brent Barbachem
            rhn-support-jiwei Jianli Wei
            Jianli Wei Jianli Wei
            Darragh Fitzmaurice Darragh Fitzmaurice
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: