Hi Graham!
On Thu, Aug 2, 2018 at 10:11 PM, Graham Dumpleton <gdump...@redhat.com> wrote: > For Minishift I believe you can run: > > oc adm policy add-scc-to-user anyuid -z default -n tomcat8 --as > system:admin > > So use user impersonation to run as system:admin. > > Thanks, that worked, though I had to break it into two steps as it didn't seem to take effect with "--as system:admin": ``` bash-3.2$ oc login -u system:admin Logged into "https://192.168.99.101:8443" as "system:admin" using existing credentials. You have access to the following projects and can switch between them with 'oc project <projectname>': * default insultapp kube-public kube-system myproject openshift openshift-infra openshift-node openshift-web-console parksapp tomcat8 wfproject Using project "default". bash-3.2$ oc adm policy add-scc-to-user anyuid -z default -n tomcat8 ``` > > On 2 Aug 2018, at 6:46 pm, Clayton Coleman <ccole...@redhat.com> wrote: > > > > User “admin” (that’s the user name) must be given real admin > > privileges to perform that action, which the error is telling you you > > don’t have. > > > > You must run as a cluster admin or other highly privileged user in > > order to modify the security rules. The only user that has that by > > default is the system:admin user the initial install creates. > > > >> On Aug 1, 2018, at 9:15 PM, Traiano Welcome <trai...@gmail.com> wrote: > >> > >> Hi > >> > >> I was working through the O'Reilly book "OpenShift for developers" but > the example on page 75, where tomcat8 is run fails: > >> > >> - The container remains in crashloop backoff > >> - The logs show the container is having permission issues: > >> > >> ---- > >> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load > >> WARNING: Unable to load server configuration from > [/usr/local/tomcat/conf/server.xml] > >> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina load > >> WARNING: Permissions incorrect, read permission is not allowed on the > file. > >> Aug 02, 2018 1:03:47 AM org.apache.catalina.startup.Catalina start > >> SEVERE: Cannot start server. Server instance is not configured. > >> ---- > >> > >> - This appears to be due to openshift/minishift not allowing containers > to run as root > >> - I try installing the anyuid addon and running this command: > >> - oc adm policy add-scc-to-user anyuid -z default -n tomcat8 > >> - However it fails with this error despite the anyuid addon being > applied: > >> > >> ---- > >> Error from server (Forbidden): securitycontextconstraints "anyuid" is > forbidden: User "admin" cannot get securitycontextconstraints at the > cluster scope: User "admin" cannot get securitycontextconstraints at the > cluster scope > >> ---- > >> > >> > >> How do I fix this? > >> > >> Thanks in advance, > >> Traiano > >> > >> _______________________________________________ > >> users mailing list > >> users@lists.openshift.redhat.com > >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > _______________________________________________ > > users mailing list > > users@lists.openshift.redhat.com > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users