IBM Support

JR62809: ODM DEPLOYMENT ON ROKS FAILS DUE TO DENY ALL NETWORK POLICY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When I deploy ODM with UMS on ROKS 4.4, I found that pod
icp4adeploy-odm-oidc-job-registration-xxxxx is always in
running status and cannot be completed. When I check the log of
it, I found the following
error:

[jiaming.li@ibm.com@Dereks-MacBook-Pro generated-cr]$
oc logs icp4adeploy-odm-oidc-job-registration-rnrjw
Delete the
existing redirect Uris associated to the provided or generated
Client Id
delete URL : https://ums.enterprise.dba-roks44-4245ee0
8d404afbcaa8f0c6b522e175c-0000.us-east.containers.appdomain.clou

d/oidc/endpoint/ums/registration/icp4adeploy-odm-oidc-client-id

% Total % Received % Xferd Average Speed Time Time Time
Current
 Dload Upload Total Spent Left Speed
 0 0 0 0 0 0 0 0
--:--:-- 0:00:20 --:--:-- 0
Warning: Transient problem: timeout
Will retry in 1 seconds. 5 retries left.
 0 0 0 0 0 0 0 0
--:--:-- 0:00:20 --:--:-- 0
curl: (28) Resolving timed out
after 10000 milliseconds
Register the provided redirect Uris
list with the provided or generated Client Id
urisToRegister = "
https://decisioncenter.odm.icp4adeploy.enterprise.dba-roks44-424
5ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.appdomain.
cloud/oidcclient/redirect/odm","https://decisionrunner.odm.icp4a
deploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-00
00.us-east.containers.appdomain.cloud/oidcclient/redirect/odm","
https://decisionserverconsole.odm.icp4adeploy.enterprise.dba-rok
s44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.app
domain.cloud/oidcclient/redirect/odm","https://decisionserverrun
time.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0
c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcclient/r
edirect/odm"
urisToRegister doesn't contain any rule designer
callback. Add callbacks using 9081 to 9085 ports
augmented
urisToRegister = "https://decisioncenter.odm.icp4adeploy.enterpr
ise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.con
tainers.appdomain.cloud/oidcclient/redirect/odm","https://decisi
onrunner.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbca
a8f0c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcclie
nt/redirect/odm","https://decisionserverconsole.odm.icp4adeploy.
enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-e
ast.containers.appdomain.cloud/oidcclient/redirect/odm","https:/
/decisionserverruntime.odm.icp4adeploy.enterprise.dba-roks44-424
5ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.appdomain.
cloud/oidcclient/redirect/odm","https://127.0.0.1:9081/oidcCallb
ack","https://127.0.0.1:9082/oidcCallback","https://127.0.0.1:90
83/oidcCallback","https://127.0.0.1:9084/oidcCallback","https://
127.0.0.1:9085/oidcCallback"
register OIDC_CLIENT_ID :
icp4adeploy-odm-oidc-client-id

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Deploying ODM on ROKJS                                       *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* When I deploy ODM with UMS on ROKS 4.4, I found that pod     *
* icp4adeploy-odm-oidc-job-registration-xxxxx is always in     *
* running status and cannot be completed. When I check the log *
* of it, I found the following error:                          *
*                                                              *
* [jiaming.li@ibm.com@Dereks-MacBook-Pro generated-cr]$ oc     *
* logs icp4adeploy-odm-oidc-job-registration-rnrjw             *
* Delete the existing redirect Uris associated to the provided *
* or generated Client Id                                       *
* delete URL :                                                 *
* https://ums.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b52 *
* 2e175c-0000.us-east.containers.appdomain.cloud/oidc/endpoint *
* /ums/registration/icp4adeploy-odm-oidc-client-id             *
*   % Total    % Received % Xferd  Average Speed   Time        *
* Time     Time  Current                                       *
*                                  Dload  Upload   Total       *
* Spent    Left  Speed                                         *
*   0     0    0     0    0     0      0      0 --:--:--       *
* 0:00:20 --:--:--     0                                       *
* Warning: Transient problem: timeout Will retry in 1 seconds. *
* 5 retries left.                                              *
*   0     0    0     0    0     0      0      0 --:--:--       *
* 0:00:20 --:--:--     0                                       *
* curl: (28) Resolving timed out after 10000 milliseconds      *
* Register the provided redirect Uris list with the provided   *
* or generated Client Id                                       *
* urisToRegister =                                             *
* "https://decisioncenter.odm.icp4adeploy.enterprise.dba-roks4 *
* 4-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.a *
* ppdomain.cloud/oidcclient/redirect/odm","https://decisionrun *
* ner.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbcaa *
* 8f0c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcc *
* lient/redirect/odm","https://decisionserverconsole.odm.icp4a *
* deploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175 *
* c-0000.us-east.containers.appdomain.cloud/oidcclient/redirec *
* t/odm","https://decisionserverruntime.odm.icp4adeploy.enterp *
* rise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-eas *
* t.containers.appdomain.cloud/oidcclient/redirect/odm"        *
* urisToRegister doesn't contain any rule designer callback.   *
* Add callbacks using 9081 to 9085 ports                       *
* augmented urisToRegister =                                   *
* "https://decisioncenter.odm.icp4adeploy.enterprise.dba-roks4 *
* 4-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.a *
* ppdomain.cloud/oidcclient/redirect/odm","https://decisionrun *
* ner.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbcaa *
* 8f0c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcc *
* lient/redirect/odm","https://decisionserverconsole.odm.icp4a *
* deploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175 *
* c-0000.us-east.containers.appdomain.cloud/oidcclient/redirec *
* t/odm","https://decisionserverruntime.odm.icp4adeploy.enterp *
* rise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-eas *
* t.containers.appdomain.cloud/oidcclient/redirect/odm","https *
* ://127.0.0.1:9081/oidcCallback","https://127.0.0.1:9082/oidc *
* Callback","https://127.0.0.1:9083/oidcCallback","https://127 *
* .0.0.1:9084/oidcCallback","https://127.0.0.1:9085/oidcCallba *
* ck"                                                          *
* register OIDC_CLIENT_ID : icp4adeploy-odm-oidc-client-id     *
* registration URL :                                           *
* https://ums.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b52 *
* 2e175c-0000.us-east.containers.appdomain.cloud/oidc/endpoint *
* /ums/registration                                            *
* RET Code = 000                                               *
* Registration failed                                          *
* urisToRegister =                                             *
* "https://decisioncenter.odm.icp4adeploy.enterprise.dba-roks4 *
* 4-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.a *
* ppdomain.cloud/oidcclient/redirect/odm","https://decisionrun *
* ner.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbcaa *
* 8f0c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcc *
* lient/redirect/odm","https://decisionserverconsole.odm.icp4a *
* deploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175 *
* c-0000.us-east.containers.appdomain.cloud/oidcclient/redirec *
* t/odm","https://decisionserverruntime.odm.icp4adeploy.enterp *
* rise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-eas *
* t.containers.appdomain.cloud/oidcclient/redirect/odm"        *
* urisToRegister doesn't contain any rule designer callback.   *
* Add callbacks using 9081 to 9085 ports                       *
* augmented urisToRegister =                                   *
* "https://decisioncenter.odm.icp4adeploy.enterprise.dba-roks4 *
* 4-4245ee08d404afbcaa8f0c6b522e175c-0000.us-east.containers.a *
* ppdomain.cloud/oidcclient/redirect/odm","https://decisionrun *
* ner.odm.icp4adeploy.enterprise.dba-roks44-4245ee08d404afbcaa *
* 8f0c6b522e175c-0000.us-east.containers.appdomain.cloud/oidcc *
* lient/redirect/odm","https://decisionserverconsole.odm.icp4a *
* deploy.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175 *
* c-0000.us-east.containers.appdomain.cloud/oidcclient/redirec *
* t/odm","https://decisionserverruntime.odm.icp4adeploy.enterp *
* rise.dba-roks44-4245ee08d404afbcaa8f0c6b522e175c-0000.us-eas *
* t.containers.appdomain.cloud/oidcclient/redirect/odm","https *
* ://127.0.0.1:9081/oidcCallback","https://127.0.0.1:9082/oidc *
* Callback","https://127.0.0.1:9083/oidcCallback","https://127 *
* .0.0.1:9084/oidcCallback","https://127.0.0.1:9085/oidcCallba *
* ck"                                                          *
* register OIDC_CLIENT_ID : icp4adeploy-odm-oidc-client-id     *
* registration URL :                                           *
* https://ums.enterprise.dba-roks44-4245ee08d404afbcaa8f0c6b52 *
* 2e175c-0000.us-east.containers.appdomain.cloud/oidc/endpoint *
* /ums/registration                                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

    



Problem conclusion


    

  • Deployment is fixed.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR62809
    • 

  • Reported component name
    CLOUD PAK FOR A
    • 

  • Reported component ID
    5737I2300
    • 

  • Reported release
    K00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-09-16
    • 

  • Closed date
    2020-09-21
    • 

  • Last modified date
    2020-09-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    CLOUD PAK FOR A
    • 

  • Fixed component ID
    5737I2300
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"K00","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 March 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback