Bug 1434875

Summary: mod_auth_mellon package issue in OSP 10/11
Product: Red Hat OpenStack Reporter: Rodrigo Duarte <rduartes>
Component: documentationAssignee: Martin Lopes <mlopes>
Status: CLOSED CURRENTRELEASE QA Contact: RHOS Documentation Team <rhos-docs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 12.0 (Pike)CC: aschultz, jdennis, mburns, mlopes, nkinder, panbalag, rhel-osp-director-maint, srevivo
Target Milestone: ---Keywords: Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-03 03:39:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rodrigo Duarte 2017-03-22 14:14:43 UTC 
An issue that always happen when configuring federation (Federated Identity feature) is that mod_auth_mellon needs to be reinstalled in the controllers for it to work properly. Below we can check some of the configuration files from the module are missing:

[root@controller-2 ~]# rpm -ql mod_auth_mellon
/etc/httpd/conf.d/auth_mellon.conf
/etc/httpd/conf.modules.d/10-auth_mellon.conf
/run/mod_auth_mellon
/usr/lib/tmpfiles.d/mod_auth_mellon.conf
/usr/lib64/httpd/modules/mod_auth_mellon.so
/usr/libexec/mod_auth_mellon
/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh
/usr/share/doc/mod_auth_mellon-0.11.0
/usr/share/doc/mod_auth_mellon-0.11.0/ECP.rst
/usr/share/doc/mod_auth_mellon-0.11.0/NEWS
/usr/share/doc/mod_auth_mellon-0.11.0/README
/usr/share/licenses/mod_auth_mellon-0.11.0
/usr/share/licenses/mod_auth_mellon-0.11.0/COPYING

[root@controller-2 ~]# ls /etc/httpd/conf.d/ | grep mellon
[root@controller-2 ~]# ls /etc/httpd/conf.modules.d/ | grep mellon
Comment 1 Rodrigo Duarte 2017-03-22 14:15:39 UTC 
Set the component to "openstack-tripleo", please reassign it for the correct package if it is the case.
Comment 2 Alex Schultz 2017-03-24 18:42:11 UTC 
This is probably happening because puppet (via the apache module) will remove any modules not accounted for in our apache configuration. We would need to explicitly ensure that ::apache::mod::auth_mellon is included when configuring federation with mod_auth_mellon
Comment 6 John Dennis 2017-10-30 20:34:04 UTC 
*** Bug 1497718 has been marked as a duplicate of this bug. ***
Comment 7 John Dennis 2017-10-30 20:36:25 UTC 
Note: bug #1497718 which was closed as a duplicate of this one contains some additional information concerning how to get mod_auth_mellon under Puppet control, you may wish to review that material.
Comment 9 Martin Lopes 2018-01-10 05:56:20 UTC 
Made some light edits to content. Confirmed that John's new section is in the published version of the OSP12 guide: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/federate_with_identity_service/#prerequisites