-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.19.0
This is a clone of issue OCPBUGS-45280. The following is the description of the original issue:
—
Description of problem:
DEBUG Creating ServiceAccount for control plane nodes DEBUG Service account created for XXXXX-gcp-r4ncs-m DEBUG Getting policy for openshift-dev-installer DEBUG adding roles/compute.instanceAdmin role, added serviceAccount:XXXXX-gcp-r4ncs-m@openshift-dev-installer.iam.gserviceaccount.com member DEBUG adding roles/compute.networkAdmin role, added serviceAccount:XXXXX-gcp-r4ncs-m@openshift-dev-installer.iam.gserviceaccount.com member DEBUG adding roles/compute.securityAdmin role, added serviceAccount:XXXXX-gcp-r4ncs-m@openshift-dev-installer.iam.gserviceaccount.com member DEBUG adding roles/storage.admin role, added serviceAccount:XXXXX-gcp-r4ncs-m@openshift-dev-installer.iam.gserviceaccount.com member ERROR failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed during pre-provisioning: failed to add master roles: failed to set IAM policy, unexpected error: googleapi: Error 400: Service account XXXXX-gcp-r4ncs-m@openshift-dev-installer.iam.gserviceaccount.com does not exist., badRequest It appears that the Service account was created correctly. The roles are assigned to the service account. It is possible that there needs to be a "wait for action to complete" on the server side to ensure that this will all be ok.
Version-Release number of selected component (if applicable):
How reproducible:
Random. Appears to be a sync issue
Steps to Reproduce:
1. Run the installer for a normal GCP basic install
2.
3.
Actual results:
Installer fails saying that the Service Account that the installer created does not have the permissions to perform an action. Sometimes it takes numerous tries for this to happen (very intermittent).
Expected results:
Successful install
Additional info:
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- links to