Bug 1415979
Summary: | OCP HA failed at 90%, ansible: "Login failed (401 Unauthorized)" | ||
---|---|---|---|
Product: | Red Hat Quickstart Cloud Installer | Reporter: | Antonin Pagac <apagac> |
Component: | Installation - OpenShift | Assignee: | Dylan Murray <dymurray> |
Status: | CLOSED ERRATA | QA Contact: | Antonin Pagac <apagac> |
Severity: | unspecified | Docs Contact: | Derek <dcadzow> |
Priority: | unspecified | ||
Version: | 1.1 | CC: | apagac, arubin, bthurber, dymurray, qci-bugzillas |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 1.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-28 01:45:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Antonin Pagac
2017-01-24 09:56:56 UTC
Antonin if you do hit this again please run 'oc get users' to see if the cloudsuite-install user was ever created. That will help debug why you got this issue. Antonin, Are you able to reproduce this issue and provide logs or a machine we can ssh into? I reproduced the issue just now, ISO QCI-1.1-RHEL-7-20170124.1. I logged into the master1 machine and run 'oc get users': " [root@sat62fusor .ssh]# ssh -i id_rsa-ocpha2 ocpha2-ocp-master1.example.com The authenticity of host 'ocpha2-ocp-master1.example.com (192.168.235.133)' can't be established. ECDSA key fingerprint is 72:70:c0:f2:4c:fc:55:b9:de:e8:8c:8b:bc:31:a3:69. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ocpha2-ocp-master1.example.com,192.168.235.133' (ECDSA) to the list of known hosts. Last login: Fri Jan 27 05:39:05 2017 from 192.168.235.10 [root@ocpha2-ocp-master1 ~]# oc get users [root@ocpha2-ocp-master1 ~]# " I'm sending credentials to the env to Dylan/John via email. What appears to be happening is that the 'oc login' requests are being round-robin load balanced among the three master hosts. The users' credentials are only stored on the primary master host as seen here: https://github.com/fusor/ansible-ocp/blob/master/playbooks/ha/post_install.yml#L24 so only requests routed to the primary master host will be successful. Derek Whatley confirmed this by monitoring the haproxy logs. PR made it in to: QCI-1.1-RHEL-7-20170127.t.0 Verified in QCI-1.1-RHEL-7-20170209.t.0. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:0335 |