Profile cover photo
Profile photo
Freemen Muaddib
128 followers
128 followers
About
Freemen's posts

Hi!
I'm new to OpenShift. I have some trouble installing a Docker image.
It seems I don't have enough privileges, because the image require ROOT privileges.

Here is what I did:

1) I followed the instructions on the email with the preview account:

"...Your OpenShift Online (Next Gen) Developer Preview account is ready! You can log in to the web console at console.preview.openshift.com with your GitHub account (fmuaddib). You can also navigate to the next gen web console by visiting www.openshift.com and selecting 'My Account > (Next Gen) Web Console' from the top navigation menu...."

2) I logged in to next gen openshift web administration page (with my Github account) and started a first project (named "prova2016").

3) - I downloaded and installed the oc command on my machine (mac os x).

4) I logged in my server with the token provided using the oc login command:

$ oc login https://api.preview.openshift.com --token=t4fAHbS....(cut)

Logged into "https://api.preview.openshift.com:443" as "fmuaddib" using the token provided.

Using project "prova2016".

5) I gave the command to install the docker for bugzilla:

$ oc new-app https://github.com/dklawren/docker-bugzilla

But I get this error:

--> Found image 9baab0a (13 days old) in image stream centos under tag "7" for "centos:7"

* A Docker build using source code from https://github.com/dklawren/docker-bugzilla will be created
* The resulting image will be pushed to image stream "docker-bugzilla:latest"
* This image will be deployed in deployment config "docker-bugzilla"
* Ports 22, 5900, 80 will be load balanced by service "docker-bugzilla"
* Other containers can access this service through the hostname "docker-bugzilla"
* WARNING: Image "docker-bugzilla" runs as the 'root' user which may not be permitted by your cluster administrator

--> Creating resources with label app=docker-bugzilla ...
error: buildconfigs "docker-bugzilla" is forbidden: build strategy Docker is not allowed

6) So I tried to give myself the privileges to allow root access to dockers images.
I tried this command:

$ oc adm policy add-role-to-user cluster-admin fmuaddib

But I got this:

error: You must be logged in to the server (attempt to grant extra privileges: [PolicyRule{Verbs:[], APIGroups:[], Resources:[*], ResourceNames:[], Restrictions:<nil>}] user=&{fmuaddib d6c50f05-76ab-11e6-8e26-0a63b9c1b48f [system:authenticated:oauth system:authenticated]} ownerrules=[PolicyRule{Verbs:[create delete deletecollection get list patch update watch], APIGroups:[], Resources:[configmaps endpoints persistentvolumeclaims pods pods/attach pods/exec pods/log pods/portforward pods/proxy replicationcontrollers replicationcontrollers/scale secrets serviceaccounts services services/proxy], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create delete deletecollection get list patch update watch], APIGroups:[], Resources:[buildconfigs buildconfigs/instantiate buildconfigs/instantiatebinary buildconfigs/webhooks buildlogs builds builds/clone builds/log deploymentconfigrollbacks deploymentconfigs deploymentconfigs/log deploymentconfigs/scale deployments generatedeploymentconfigs imagestreamimages imagestreamimports imagestreammappings imagestreams imagestreams/secrets imagestreamtags localresourceaccessreviews localsubjectaccessreviews processedtemplates projects resourceaccessreviews rolebindings roles routes subjectaccessreviews templateconfigs templates], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create delete deletecollection get list patch update watch], APIGroups:[autoscaling], Resources:[horizontalpodautoscalers], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create delete deletecollection get list patch update watch], APIGroups:[batch], Resources:[jobs], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create delete deletecollection get list patch update watch], APIGroups:[extensions], Resources:[horizontalpodautoscalers jobs replicationcontrollers/scale], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get list watch], APIGroups:[extensions], Resources:[daemonsets], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get list watch], APIGroups:[], Resources:[bindings configmaps endpoints events imagestreams/status limitranges minions namespaces namespaces/status nodes persistentvolumeclaims persistentvolumes pods pods/log pods/status policies policybindings replicationcontrollers replicationcontrollers/status resourcequotas resourcequotas/status resourcequotausages routes/status securitycontextconstraints serviceaccounts services], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get update], APIGroups:[], Resources:[imagestreams/layers], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[update], APIGroups:[], Resources:[routes/status], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get], APIGroups:[], Resources:[users], ResourceNames:[~], Restrictions:<nil>} PolicyRule{Verbs:[list], APIGroups:[], Resources:[projectrequests], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get list], APIGroups:[], Resources:[clusterroles], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[list], APIGroups:[], Resources:[projects], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create], APIGroups:[], Resources:[localsubjectaccessreviews subjectaccessreviews], ResourceNames:[], Restrictions:&{{ }}} PolicyRule{Verbs:[get], APIGroups:[], Resources:[], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[get], APIGroups:[], Resources:[], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create], APIGroups:[], Resources:[builds/source], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create get], APIGroups:[], Resources:[buildconfigs/webhooks], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[create], APIGroups:[], Resources:[projectrequests], ResourceNames:[], Restrictions:<nil>} PolicyRule{Verbs:[delete], APIGroups:[], Resources:[oauthaccesstokens oauthauthorizetokens], ResourceNames:[], Restrictions:<nil>}] ruleResolutionErrors=[])

But i don't understand this error, because I'm already logged in to the server!

What is the correct way to rise my privileges? Anyone can help? Thanks!


Post has attachment

Post has shared content

Post has attachment

Post has attachment

Post has attachment

Post has attachment

Post has attachment

Post has attachment

Post has attachment
Wait while more posts are being loaded