auto clone environment failing
Closed this issue · 4 comments
Environment cloning is not working for me in our production environment.
Steps:
-
Created a new project 'AUTST' with the provisiong app.
-
Modified project to add be-python-flask quickstarter.
-
Created dev branch off of master and pushed to orgin
Build succeeded.
- Create feature branch feature/AUTST-1-test-auto-clone with autoclone in Jenkinsfile (excerpts):
...
library identifier: 'ods-library@production', retriever: modernSCM(
[$class: 'GitSCMSource',
remote: sharedLibraryRepository,
credentialsId: credentialsId])
...
odsPipeline(
image: "${dockerRegistry}/cd/jenkins-slave-python",
projectId: projectId,
debug: true,
componentId: componentId,
branchToEnvironmentMapping: [
'master': 'test',
'dev': 'dev',
'feature/': 'feature',
'bugfix/': 'bugfix'
],
// configure environments on-the-fly for feature, bugfix branches
autoCloneEnvironmentsFromSourceMapping: [
'feature': 'dev',
'bugfix': 'dev'
]
) { context ->
...- Pushed feature branch to origin
> Build fails as follows
The export of the environment autst-dev appears works but importing it fails right when project.yaml is applied with the following messages:
----> cloning autst-dev into autst-feature-test-auto-clone
Could not find project autst-feature-test-auto-clone - creating
Now using project "autst-feature-test-auto-clone" on server "https://172.30.0.1:443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
to build a new example application in Ruby.
secret/cd-user-token created
Warning: oc apply should be used on resource created by either oc create --save-config or oc apply
rolebinding.authorization.openshift.io/admin configured
Error from server (Forbidden): rolebindings.authorization.openshift.io "admin-0" is forbidden: User "system:serviceaccount:autst-cd:jenkins" cannot get rolebindings.authorization.openshift.io in the namespace "autst-feature-test-auto-clone": RBAC: clusterrole.rbac.authorization.k8s.io "self-provisoner" not found
Error from server (Forbidden): rolebindings.authorization.openshift.io "admin-1" is forbidden: User "system:serviceaccount:autst-cd:jenkins" cannot get rolebindings.authorization.openshift.io in the namespace "autst-feature-test-auto-clone": RBAC: clusterrole.rbac.authorization.k8s.io "self-provisoner" not found
... and so on ...We have an internal JIRA item (BIX-609) to track this as it could be caused by our openshift environment.
Is anybody else experiencing this?
I filed a separate issue here as this might be different than #314
We had permission problems as well.
Error from server (Forbidden): buildconfigs.build.openshift.io "fe-angular" is forbidden: User "system:serviceaccount:tstsla03-cd:jenkins" cannot get buildconfigs.build.openshift.io in the namespace "tstsla03-features": no RBAC policy matched
I did not find, if we documented, what rights are required. As far as I understand it should be set correctly by the create-project.sh script (granting admin rights to jenkins sa)
@rattermeyer - we found it .. this is a crazy bug .. (or feature) .. @henrjk has a fix for this - that we are testing locally now .. (3.11 feature?!)
@gerardcl - tested on prem as well?
yes @clemensutschig, same behaviour
as @henrjk proposes: let's create a ticket so to assure we promote correctly the same/right membership from the exported namespace