Skip to content

Cannot create OpenShift cluster  #25738

Open
Open
Cannot create OpenShift cluster #25738
Labels
AROaz aro (Azure Redhat OpenShift)Auto-AssignAuto assign by botService AttentionThis issue is responsible by Azure service team.act-codegen-extensibility-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.
Milestone
Backlog
@hartmutp

Description

@hartmutp
hartmutp
opened on Mar 9, 2023

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az aro create

Errors:

The command failed with an unexpected error. Here is the traceback:
Insufficient privileges to complete the operation.
Traceback (most recent call last):
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
    r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1011, in send_raw_request
    raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-03-09T15:07:22","request-id":"31563015-3cd6-4e49-8c38-9a61178e9285","client-request-id":"31563015-3cd6-4e49-8c38-9a61178e9285"}}})

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 78, in aro_create
    client_id, client_secret = aad.create_application(cluster_resource_group or 'aro-' + random_id)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 24, in create_application
    app = self.client.application_create(request_body)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 91, in application_create
    result = self._send("POST", "/applications", body=body)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
    raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.

To Reproduce:

As far as I can see I followed EXACTLY the steps described in the tutorial:
https://learn.microsoft.com/en-us/azure/openshift/tutorial-create-cluster

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • az login

  • az account set --subscription {}

  • az provider register -n Microsoft.RedHatOpenShift --wait

  • az provider register -n Microsoft.Compute --wait

  • az provider register -n Microsoft.Storage --wait

  • az provider register -n Microsoft.Authorization --wait

  • az group create --name hpo-aro-rg --location eastus

  • az network vnet create --resource-group hpo-aro-rg --name hpo-aro-vnet --address-prefixes 10.0.0.0/22

  • az network vnet subnet create --resource-group hpo-aro-rg --vnet-name hpo-aro-vnet --name master-subnet --address-prefixes 10.0.0.0/23

  • az network vnet subnet create --resource-group hpo-aro-rg --vnet-name hpo-aro-vnet --name worker-subnet --address-prefixes 10.0.2.0/23

  • az aro create --resource-group {} --name {} --vnet {} --location {} --master-subnet {} --worker-subnet {} --pull-secret {} --domain {}

Expected Behavior

OpenShift Cluster created successfully.

Environment Summary

Linux-5.4.0-144-generic-x86_64-with-glibc2.31, Ubuntu 20.04.2 LTS
Python 3.10.8
Installer: DEB

azure-cli 2.45.0 *

Additional Context

I already had a look at the similar issue
#16963
but I cannot imagine that we have issues with Worker pool Subnet CIRD as we used exactly the parameters from tutorial and moreover in our case "Missing privileges" are reported ...

In accordance with the tutorial I re-checked my permissions:
I already have had the User Access Administrator permissions and later on I was even given Owner permission for the used subscription.
Moreover regarding Azure Active Directory I should be a member user of the tenant.

BTW: When trying to create the OpenShift cluster via Azure portal UI I was informed that the clustername must not contain hyphens,
but this was not the reason.

Metadata

Metadata

Assignees

No one assigned

    Labels

    AROaz aro (Azure Redhat OpenShift)Auto-AssignAuto assign by botService AttentionThis issue is responsible by Azure service team.act-codegen-extensibility-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions