opentelekomcloud / kontainer-engine-driver-otc

Rancher container engine driver for OTC
Apache License 2.0

Provide examples for "Add Cluster" credentials #34

Open robertlemke opened 4 years ago

robertlemke commented 4 years ago

I tried adding a new cluster using the OTC engine driver and was unsure about which credentials to use.

What I did was use my user's credentials and, alternatively, create an access key (via IAM > Users > Set Credentials > Create Access Key). But without luck …

gtema commented 4 years ago

username and password are expected and not AK/SK

robertlemke commented 4 years ago

Thanks.

I also tried using the credentials of my (admin) user. I looked up my username in "My Credentials" and tried the following as "Username":

As Domain Name I used the Domain Name which was mentioned in "My Credentials". And I used my current password.

Does this maybe fail because Virtual MFA device is enabled for login authentication?

gtema commented 4 years ago

Yes, this might happen. Generally you should not use admin credentials either. Create a user with cce_admin privileges (the same as what you would do for a regular CCE cluster creation through the OTC console) and use those privileges in Rancher. Rancher (otc cce driver) uses the OTC API, so whatever is possible through the public API should also work from Rancher.

robertlemke commented 4 years ago

Thanks, that did the trick – I created a new user with CCE admin privileges (and without an email address or mobile phone). This user does work in Rancher.

gtema commented 4 years ago

Great. What is also "open" is that creation of the cluster requires authorization of CCE Agency creation (same as you have once when trying to provision the first ever CCE cluster in the domain/project). Just try to ensure this is done, since otherwise Rancher might be waiting for this to happen in the console without really knowing it is required (you might try manually creating a cluster, approving the request for the agency and dropping the cluster. Done once, it is not required in the same project).

robertlemke commented 4 years ago

Sorry if this is obvious but … when running the wizard, I'm stuck at the point where I need to select an SSH Key Pair:

I created key pairs (but with my admin user), so maybe this is an access restriction issue for my rancher user? Which permissions does that user have to have in order to find SSH keys? (Currently I assigned cce_admin and ecs_admin.)

robertlemke commented 4 years ago

Thanks for the new feature issue ;-) In the meantime I figured out that I need to create a new SSH key pair using the same user I use in Rancher.