"chectl workspace:create --start" error 'User "system:serviceaccount:eclipse-che:che" cannot get path "/"' #20401

Closed
Tracked by #20326
dmytro-ndp opened this issue Sep 2, 2021 · 0 comments
Labels: area/che-server, e2e-test/failure, kind/bug, severity/blocker
dmytro-ndp commented Sep 2, 2021

Describe the bug

The following chectl command failed to create a test workspace in the Happy path tests on minikube https://main-jenkins-csb-crwqe.apps.ocp4.prod.psi.redhat.com/job/Che/job/e2e/job/minikube/job/pr-check/job/che-tests-pr-check/166/execution/node/96/log/:

chectl workspace:create --start --devfile=/mnt/hudson_workspace/workspace/Che/e2e/minikube/pr-check/che-tests-pr-check/test-workspace-devfile.yaml --telemetry=off --chenamespace=eclipse-che

 (node:20202) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
     Error: E_CHE_API_UNKNOWN_ERROR - Endpoint: https://che-eclipse-che.10.0.210.163.nip.io/api/workspace/workspace9ua0lce9ac5v7lzv/runtime -Status: 500

Server log:

2021-09-02 09:35:19,799[nio-8080-exec-9]  [INFO ] [o.e.c.a.w.s.WorkspaceManager 693]    - Workspace 'admin/petclinic-dev-environment' with id 'workspace9ua0lce9ac5v7lzv' created by user 'admin'
2021-09-02 09:35:25,121[nio-8080-exec-8]  [ERROR] [c.a.c.r.RuntimeExceptionMapper 47]   - Internal Server Error occurred, error time: 2021-09-02 09:35:25
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://10.96.0.1/. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. forbidden: User "system:serviceaccount:eclipse-che:che" cannot get path "/".
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:686)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:623)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:565)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:526)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:509)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.getRootPaths(BaseOperation.java:201)
	at io.fabric8.kubernetes.client.BaseClient.rootPaths(BaseClient.java:138)
	at io.fabric8.kubernetes.client.BaseClient.supportsApiPath(BaseClient.java:143)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.ensureImplicitRolesWithBindings(AbstractWorkspaceServiceAccount.java:134)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.prepare(AbstractWorkspaceServiceAccount.java:100)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory.getOrCreate(KubernetesNamespaceFactory.java:369)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesRuntimeContext.getRuntime(KubernetesRuntimeContext.java:76)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesRuntimeContext.getRuntime(KubernetesRuntimeContext.java:33)
	at org.eclipse.che.api.workspace.server.WorkspaceRuntimes.startAsync(WorkspaceRuntimes.java:462)
	at org.eclipse.che.api.workspace.server.WorkspaceManager.startAsync(WorkspaceManager.java:528)
	at org.eclipse.che.api.workspace.server.WorkspaceManager.startWorkspace(WorkspaceManager.java:383)
	at org.eclipse.che.multiuser.resource.api.workspace.LimitsCheckingWorkspaceManager.startWorkspace(LimitsCheckingWorkspaceManager.java:152)
	at org.eclipse.che.api.workspace.server.WorkspaceService.startById(WorkspaceService.java:405)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.everrest.core.impl.method.DefaultMethodInvoker.invokeMethod(DefaultMethodInvoker.java:141)
	at org.everrest.core.impl.method.DefaultMethodInvoker.invokeMethod(DefaultMethodInvoker.java:61)
	at org.everrest.core.impl.RequestDispatcher.doInvokeResource(RequestDispatcher.java:307)
	at org.everrest.core.impl.RequestDispatcher.invokeSubResourceMethod(RequestDispatcher.java:298)
	at org.everrest.core.impl.RequestDispatcher.dispatch(RequestDispatcher.java:234)
	at org.everrest.core.impl.RequestDispatcher.dispatch(RequestDispatcher.java:129)
	at org.everrest.core.impl.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:63)
	at org.everrest.core.impl.EverrestProcessor.process(EverrestProcessor.java:121)
	at org.everrest.core.servlet.EverrestServlet.service(EverrestServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
	at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.eclipse.che.core.metrics.ApiResponseMetricFilter.doFilter(ApiResponseMetricFilter.java:46)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.commons.logback.filter.IdentityIdLoggerFilter.doFilter(IdentityIdLoggerFilter.java:49)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.multiuser.api.authentication.commons.filter.MultiUserEnvironmentInitializationFilter.doFilter(MultiUserEnvironmentInitializationFilter.java:142)
	at org.eclipse.che.multiuser.keycloak.server.KeycloakEnvironmentInitializationFilter.doFilter(KeycloakEnvironmentInitializationFilter.java:99)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.multiuser.machine.authentication.server.MachineLoginFilter.doFilter(MachineLoginFilter.java:76)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.commons.logback.filter.RequestIdLoggerFilter.doFilter(RequestIdLoggerFilter.java:50)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Unknown Source)

chectl/0.0.20210827-next.0a66953 linux-x64 node-v12.22.5

Test workspace devfile: https://raw.githubusercontent.com/eclipse/che/main/tests/e2e/files/happy-path/happy-path-workspace.yaml

Che version

next (development version)

Steps to reproduce

  1. Install Che next.
  2. Create test workspace from devfile https://raw.githubusercontent.com/eclipse/che/main/tests/e2e/files/happy-path/happy-path-workspace.yaml by using chectl

Expected behavior

Test workspace is started.

Runtime

minikube

Screenshots

No response

Installation method

chectl/next

Environment

Linux

Eclipse Che Logs

No response

Additional context

Recent changes on che-server side: eclipse-che/che-server#93

dmytro-ndp added the kind/bug, severity/blocker, e2e-test/failure and area/chectl labels Sep 2, 2021
dmytro-ndp changed the title Sep 2, 2021
  from: "chectl workspace:create --start" failed 500 error 'User "system:serviceaccount:eclipse-che:che" cannot get path "/"'
  to: "chectl workspace:create --start" error 'User "system:serviceaccount:eclipse-che:che" cannot get path "/"'
dmytro-ndp added the area/che-server label and removed the area/chectl label Sep 2, 2021
dmytro-ndp added this to the 7.36 milestone Sep 3, 2021
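
To re-check the permission denied in the server log above without going through Che, the denial message can be translated into a `kubectl auth can-i` query. The script below is an added example, not part of the issue or of the Che code base; the function names and the second, resource-style sample line are constructed for illustration, and it goes beyond the logged case by also handling resource denials.

```bash
#!/usr/bin/env bash
# Added example: map a Kubernetes RBAC denial message to the matching
# `kubectl auth can-i` query. Nothing here contacts a cluster.

# _grab LINE SED_EXPR: print the first capture group, or nothing.
_grab() { printf '%s\n' "$1" | sed -n -E "$2"; }

# forbidden_to_can_i LINE: print the command; return 1 if LINE is not a denial.
forbidden_to_can_i() {
  local line="$1" user verb path resource group ns cmd
  user=$(_grab "$line" 's/.*User "([^"]+)" cannot .*/\1/p')
  verb=$(_grab "$line" 's/.*User "[^"]+" cannot ([a-z]+) .*/\1/p')
  if [ -z "$user" ] || [ -z "$verb" ]; then return 1; fi

  # Shape 1, as in this issue: a non-resource URL such as "/".
  path=$(_grab "$line" 's/.* cannot [a-z]+ path "([^"]+)".*/\1/p')
  if [ -n "$path" ]; then
    printf 'kubectl auth can-i %s %s --as=%s\n' "$verb" "$path" "$user"
    return 0
  fi

  # Shape 2 (generalization): a resource, optional API group and namespace.
  resource=$(_grab "$line" 's/.* cannot [a-z]+ resource "([^"]+)".*/\1/p')
  if [ -z "$resource" ]; then return 1; fi
  group=$(_grab "$line" 's/.* in API group "([^"]*)".*/\1/p')
  ns=$(_grab "$line" 's/.* in the namespace "([^"]+)".*/\1/p')
  if [ -n "$group" ]; then resource="$resource.$group"; fi
  cmd="kubectl auth can-i $verb $resource --as=$user"
  if [ -n "$ns" ]; then cmd="$cmd --namespace=$ns"; fi
  printf '%s\n' "$cmd"
}

# Message taken from the server log in this issue.
ISSUE_LINE='forbidden: User "system:serviceaccount:eclipse-che:che" cannot get path "/".'
# Constructed sample (not from the issue) in the resource-style shape.
SAMPLE_LINE='pods is forbidden: User "system:serviceaccount:demo:sa" cannot list resource "pods" in API group "" in the namespace "demo"'

forbidden_to_can_i "$ISSUE_LINE"
forbidden_to_can_i "$SAMPLE_LINE"
```

Running the printed command requires a kubeconfig identity that is allowed to impersonate the service account; an answer of `no` confirms that the account lacks the verb on that path or resource.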