Bug 1383010

Summary: [ocp-on-osp]Should use the authentication which is supported natively by openshift-ansible
Product: OpenShift Container Platform Reporter: Gan Huang <ghuang>
Component: InstallerAssignee: Tomas Sedovic <tsedovic>
Status: CLOSED WONTFIX QA Contact: Johnny Liu <jialiu>
Severity: low Docs Contact:
Priority: low    
Version: 3.3.0CC: aos-bugs, jokerman, mlamouri, mmccomas, scollier, tsedovic
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-31 15:57:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Gan Huang 2016-10-09 06:24:25 UTC
Description of problem:
Many auths including LDAPs/htpasswd have been supported in openshift-ansible:
https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example#L101-L151, and currently we are able to use the extra_openshift_ansible_params parameter to pass all the openshift-ansible parameters. So it's better to use the parameters related to auths in openshift-ansible directly instead of the parameters in heat-stack envs.

Version-Release number of selected component (if applicable):
openshift-on-openstack v0.9.1

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
Should remove the code and docs related to auth in openshift-on-openstack repo.

Additional info:

Comment 1 Jan Provaznik 2016-10-10 10:05:37 UTC
In future it makes sense to to replace LDAP params with extra_openshift_ansible_params config directly consumable by openshift-ansible. With this switch though it will also be needed to add a mechanism for setting some defaults (htpasswd) if user doesn't pass authentication config explicitly. This has IMO low priority (you can already use this syntax if preferred).

Comment 2 Gan Huang 2016-10-11 02:23:21 UTC
Not sure if "htpasswd" is the best choice for the default authentication. Because we need to add the same users in all the masters manually in HA deployment, and "htpasswd" is not available in containerized deployment.

Comment 3 Jan Provaznik 2016-10-17 07:37:23 UTC
@Gan: yes, good point. In my previous comment I meant that a logic of "use some default" will have to be added before relying on the JSON format, whatever default value it will be.

Comment 4 Jan Provaznik 2016-10-19 17:49:18 UTC
I set target release to 3.4.0 to distinguish BZs which will be fixed in a next release.

Comment 6 Scott Dodson 2019-01-31 15:57:00 UTC
There appear to be no active cases related to this bug. As such we're closing this bug in order to focus on bugs that are still tied to active customer cases. Please re-open this bug if you feel it was closed in error or a new active case is attached.