-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.12
-
No
-
Sprint 244, Sprint 246
-
2
-
False
-
This is a clone of issue OCPBUGS-13664. The following is the description of the original issue:
—
Description of problem:
There is no clear error log when create sts cluster with KMS key without install role in it
Version-Release number of selected component (if applicable):
How reproducible:
always
Steps to Reproduce:
1.Prepare KMS with aws command aws kms create-key --tags TagKey=Purpose,TagValue=Test --description "kms Key" 2.Create sts cluster with KMS key rosa create cluster --cluster-name ying-k1 --sts --role-arn arn:aws:iam::301721915996:role/ying16-Installer-Role --support-role-arn arn:aws:iam::301721915996:role/ying16-Support-Role --controlplane-iam-role arn:aws:iam::301721915996:role/ying16-ControlPlane-Role --worker-iam-role arn:aws:iam::301721915996:role/ying16-Worker-Role --operator-roles-prefix ying-k1-e2g3 --oidc-config-id 23ggvdh2jouranue87r5ujskp8hctisn --region us-west-2 --version 4.12.15 --replicas 2 --compute-machine-type m5.xlarge --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 --pod-cidr 10.128.0.0/14 --host-prefix 23 --kms-key-arn arn:aws:kms:us-west-2:301721915996:key/c60b5a31-1a5c-4d73-93ee-67586d0eb90d
Actual results:
It is failed. Here is the install log http://pastebin.test.redhat.com/1100008
Expected results:
There should be a detailed error message for the KMS that has no installer role
Additional info:
It can be successful if set install role arn to KMS key
{
"Version": "2012-10-17",
"Id": "key-default-1",
"Statement": [
{
"Sid": "Enable IAM User Permissions",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::301721915996:role/ying16-Installer-Role",
"arn:aws:iam::301721915996:root"
]
},
"Action": "kms:*",
"Resource": "*"
}
]
}
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- links to
-
RHBA-2023:7823
OpenShift Container Platform 4.12.z bug fix update