OpenShift Origin - Failed to fetch the file: [Errno 13] Permission denied For ETCD Certificates

10/3/2017

I am trying to install OpenShift Origin using Ansible playbook.

I have 3 Master, 3 External ETCD hosts. So while running the playbook, I get the following error:

  1. Hosts:    etcd_host1_ip
     Play:     Configure etcd
     Task:     Retrieve etcd cert tarball
     Message:  Failed to fetch the file: [Errno 13] Permission denied: '/tmp/etcd_certificates-94b5HdP/etcd-dts-etcd-3.fcxlocal.tgz'

  2. Hosts:    etcd_host2_ip
     Play:     Configure etcd
     Task:     Retrieve etcd cert tarball
     Message:  Failed to fetch the file: [Errno 13] Permission denied: '/tmp/etcd_certificates-liHJ5gz/etcd-dts-etcd-1.fcxlocal.tgz'

  3. Hosts:    etcd_host3_ip
     Play:     Configure etcd
     Task:     Retrieve etcd cert tarball
     Message:  Failed to fetch the file: [Errno 13] Permission denied: '/tmp/etcd_certificates-A9PENQO/etcd-dts-etcd-2.fcxlocal.tgz'

I have set the following variables in the Ansible inventory file:

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_become=true
ansible_ssh_user=nonroot_user
openshift_deployment_type=origin

On the master, oc version gives the following info:

oc v3.6.0+c4dd4cf
kubernetes v1.6.1+5115d708d7
features: Basic-Auth GSSAPI Kerberos SPNEGO

As I understand it, when I run the Ansible playbook, the certificate tarballs required by etcd are exported to the /tmp path of the host machine from which the playbook is triggered. I am running Ansible as a different user with passwordless sudo access, and these tarball files are exported to /tmp with root access only. Hence I am getting this Permission denied issue.

How can I overcome this problem?

What have I tried so far?

I have tried chmod -R 777 /tmp, but this does not work, as those tarball files are exported during Ansible playbook runtime with root access only.

Any help will be highly appreciated! Thanks

-- dp7
kubernetes
openshift
openshift-origin
redhat

1 Answer

2/21/2020

I got almost the same error as yours. In my case, the error happened on the "Retrieve etcd cert tarball" task. Error message: Unable to create local directories(/tmp/{Master-hostname}/etc/etcd/generated_certs):[Errno 13] Permission denied /tmp/{Master-hostname}

I executed the deploy-cluster.yaml playbook on my Bastion/Boot node. (This node is separate from the other OpenShift cluster nodes.) I checked the permissions on my OpenShift nodes (3 Master, 3 Infra, 3 Worker), and they are showing the expected permission of 777. But I noticed that the /tmp directory on my Bastion/Boot node had been changed to 755 (root:root). Other users can't write to this folder. During the OpenShift installation, Ansible creates a temporary directory (for the etcd certificates) in /tmp. Since other users have no permission to write to /tmp, the process terminated. (In my case, the Ansible playbook is executed on the Bastion/Boot node as the Ansible server.)

I fixed the problem by giving write permission to other users by setting it to 777. Re-run deploy-cluster.yaml and it should be fine.

There is still one big question: why did the /tmp on my Bastion/Boot node change to 755? I am sure my /tmp directory was previously set to 777, but it changed (mysteriously?) to 755, which is the cause of the Permission denied.

-- fahmifahim
Source: StackOverflow
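
A pre-flight check for the condition the answer describes, as an added example that is not part of the original question or answer. It classifies the temp directory on the Ansible control node before the playbook runs. The function names are hypothetical, and the script treats 1777 (777 plus the sticky bit) as the healthy state, since that is the conventional mode for /tmp.

```shell
#!/bin/sh
# Added example: check the control node's temp directory before a playbook run.
# classify_tmp_dir DIR prints one of:
#   missing       DIR is not a directory
#   not-writable  "other" cannot create files (e.g. 755): non-root fetch fails with Errno 13
#   no-sticky     world-writable without the sticky bit (0777)
#   ok            world-writable with the sticky bit (1777)
classify_tmp_dir() {
    [ -d "$1" ] || { echo missing; return 0; }
    # First 10 characters of the mode string, e.g. drwxrwxrwt (-L follows a symlinked /tmp).
    perms=$(ls -ldL -- "$1" | cut -c1-10)
    case $perms in
        d???????wt) echo ok ;;
        d???????wx) echo no-sticky ;;
        *)          echo not-writable ;;
    esac
}

# preflight_tmp DIR prints a finding and returns 0 only for the healthy state.
preflight_tmp() {
    state=$(classify_tmp_dir "$1")
    case $state in
        ok)
            echo "$1: ok (world-writable, sticky bit set)"
            return 0 ;;
        no-sticky)
            echo "$1: world-writable without sticky bit; any local user can rename or replace other users' entries. Suggested: chmod 1777 $1" ;;
        not-writable)
            echo "$1: non-root users cannot create files here; expect [Errno 13] Permission denied. Suggested: chmod 1777 $1" ;;
        missing)
            echo "$1: not a directory" ;;
    esac
    return 1
}

# Default to /tmp, the directory named in the error messages on this page.
preflight_tmp "${1:-/tmp}" || echo "resolve the finding above before running the playbook" >&2
```

Run it on the host that executes the playbook (the Bastion/Boot node in the answer), as the same non-root user that runs Ansible.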