Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.18, 4.19
Component/s: Installer / IBM Cloud
Labels:
- ibmcloud

Severity:
Important
Regression:
None
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.19.0
Target Backport Versions:

4.18.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

CAPI Infrastructure creation is failing to create a VPC Custom Image, which appears to be because of authorization issues between IBM Cloud COS and IBM Cloud VPC.

Version-Release number of selected component (if applicable):

4.19

How reproducible:

100%

Steps to Reproduce:

1. Configure IPI to use CAPI for IBM Cloud (FeatureGate)
2. Create a new IBM Cloud OCP cluster using IPI with CAPI
(It is possible this is isolated to an IBM Cloud Account issue with CI, but needs further investigation)

Actual results:

time="2024-12-04T15:15:21Z" level=debug msg="I1204 15:15:21.571897     852 ibmvpccluster_controller.go:239] \"Reconciling VPC\" logger=\"controllers.IBMVPCCluster\" ibmvpccluster=\"openshift-cluster-api-guests/ci-op-hzwcty24-017c7-7w9cd\""
time="2024-12-04T15:15:22Z" level=debug msg="I1204 15:15:22.666587     852 ibmvpccluster_controller.go:248] \"Reconciliation of VPC complete\" logger=\"controllers.IBMVPCCluster\" ibmvpccluster=\"openshift-cluster-api-guests/ci-op-hzwcty24-017c7-7w9cd\""
time="2024-12-04T15:15:22Z" level=debug msg="I1204 15:15:22.666613     852 ibmvpccluster_controller.go:252] \"Reconciling VPC Custom Image\" logger=\"controllers.IBMVPCCluster\" ibmvpccluster=\"openshift-cluster-api-guests/ci-op-hzwcty24-017c7-7w9cd\""
time="2024-12-04T15:15:30Z" level=debug msg="E1204 15:15:30.413620     852 ibmvpccluster_controller.go:254] \"failed to reconcile VPC Custom Image\" err=\"error failure trying to create vpc custom image: error unknown failure creating vpc custom image: The IAM token that was specified in the request has expired or is invalid. The request is not authorized to access the Cloud Object Storage resource.\" logger=\"controllers.IBMVPCCluster\" ibmvpccluster=\"openshift-cluster-api-guests/ci-op-hzwcty24-017c7-7w9cd\""
time="2024-12-04T15:15:30Z" level=debug msg="E1204 15:15:30.414735     852 controller.go:324] \"Reconciler error\" err=\"error failure trying to create vpc custom image: error unknown failure creating vpc custom image: The IAM token that was specified in the request has expired or is invalid. The request is not authorized to access the Cloud Object Storage resource.\" controller=\"ibmvpccluster\" controllerGroup=\"infrastructure.cluster.x-k8s.io\" controllerKind=\"IBMVPCCluster\" IBMVPCCluster=\"openshift-cluster-api-guests/ci-op-hzwcty24-017c7-7w9cd\" namespace=\"openshift-cluster-api-guests\" name=\"ci-op-hzwcty24-017c7-7w9cd\" reconcileID=\"44503885-4834-4238-b221-c89cf82d114d\""
time="2024-12-04T15:21:27Z" level=debug msg="Collecting applied cluster api manifests..."
time="2024-12-04T15:21:27Z" level=error msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: infrastructure was not ready within 30m0s: client rate limiter Wait returned an error: context deadline exceeded"
time="2024-12-04T15:21:27Z" level=info msg="Shutting down local Cluster API controllers..."

Expected results:

Successful VPC Image creation.

Additional info:

IBM Cloud is investigating the permission/authorization issue.

clones

OCPBUGS-45984 [IBMCloud] [CAPI] ImageReconciliationFailed by invalid IAM token

Verified

Assignee:: Jeff Nowicki

Reporter:: Christopher Schaefer

QA Contact:: Gaoyun Pei

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/12/10 2:52 PM

Updated:: 2024/12/10 2:55 PM

Resolved:: 2024/12/10 2:55 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates