tripleo

Tripleo-deployed openshift: master nodes don't pick changes to openshift_master_identity_providers

Bug #1807668 reported by Martin André on 2018-12-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Martin André	tripleo stein-2

Bug Description

Initially reported at https://bugzilla.redhat.com/show_bug.cgi?id=1654070

Initial deployment is done with:

  OpenShiftGlobalVariables:
    openshift_master_identity_providers:
    - name: allow_all
      login: 'true'
      challenge: true
      kind: AllowAllPasswordIdentityProvider

In a subsequent stack update we set it to htpasswd_auth:

  OpenShiftGlobalVariables:
    openshift_master_identity_providers:
    - name: 'htpasswd_auth'
      login: 'true'
      challenge: 'true'
      kind: 'HTPasswdPasswordIdentityProvider'
    openshift_master_htpasswd_users:
      marius: '$apr1$jpBOUqeU$X4jUsMyCHOOp8TFYtPq0v1'

But after the stack update succeeds we're still able to log in with any user/pass which points to the new configuration not being applied.

The openshift documentation states that "After making changes to an identity provider, you must restart the master services for the changes to take effect".

https://docs.openshift.com/container-platform/3.11/install_config/configuring_authentication.html#overview

See original description

Tags:

Revision history for this message

mark rob (mark1221) wrote on 2018-12-10:

The same issue has been happening to me also and to fix that I have tried many modules but did not happen anything. I think the configuration has to be changed. I have also contacted https://uaewebsitedevelopment.com/best-wordpress-plugins-for-seo/ for the solution.

Martin André (mandre) on 2018-12-10

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-12-10: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/624011

Changed in tripleo:
assignee:	nobody → Martin André (mandre)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-01-10: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/624011
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=df8e5924980ed875274873ca2100181f26b88263
Submitter: Zuul
Branch: master

commit df8e5924980ed875274873ca2100181f26b88263
Author: Martin André <email address hidden>
Date: Mon Dec 10 08:55:16 2018 +0100

Restart openshift master services after stack update

    For some configs changes, such as the identity providers, it is
    necessary to restart the master services in order for them to take
    effect.

Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
Closes-Bug: #1807668

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-01-11: Fix proposed to tripleo-heat-templates (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/630097

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-01-24: Fix merged to tripleo-heat-templates (stable/rocky)

Reviewed: https://review.openstack.org/630097
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=caf97046f9d0bad4bedb70ab8ea8b03109f80306
Submitter: Zuul
Branch: stable/rocky

commit caf97046f9d0bad4bedb70ab8ea8b03109f80306
Author: Martin André <email address hidden>
Date: Mon Dec 10 08:55:16 2018 +0100

Restart openshift master services after stack update

    For some configs changes, such as the identity providers, it is
    necessary to restart the master services in order for them to take
    effect.

    Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
    Closes-Bug: #1807668
    (cherry picked from commit df8e5924980ed875274873ca2100181f26b88263)