Bug 1633301
| Summary: | LDAP provider configuration using insecure results failure to start master. | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ryan Howe <rhowe> |
| Component: | Installer | Assignee: | Vadim Rutkovsky <vrutkovs> |
| Status: | CLOSED DUPLICATE | QA Contact: | Johnny Liu <jialiu> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.10.0 | CC: | aos-bugs, jokerman, mmccomas |
| Target Milestone: | --- | | |
| Target Release: | 3.10.z | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-09-27 01:53:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

*** This bug has been marked as a duplicate of bug 1627764 ***

Description of problem:

When trying to configure an LDAP provider with the insecure parameter set, we end up with a master-config that causes the master to fail to start.

Version-Release number of the following components:

```
# rpm -q openshift-ansible
openshift-ansible-3.10.47-1.git.0.95bc2d2.el7_5.noarch

# rpm -q ansible
ansible-2.4.6.0-1.el7ae.noarch

# ansible --version
ansible 2.4.6.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
```

How reproducible: 100%

Steps to Reproduce:

1. Install 3.10 with the following identity providers

```
openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'insecure': 'true', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
```

Actual results:

Master fails with error:

```
Invalid MasterConfig /etc/origin/master/master-config.yaml
  oauthConfig.identityProvider[0].provider.ca: Invalid value: "/etc/origin/master/my_ldap_provider_ldap_ca.crt": Cannot specify a ca with insecure=true
```

Expected results:

CA to not get set for identity providers in master-config.yaml

Additional info:

Upstream 3.11 fix: https://github.com/openshift/openshift-ansible/pull/9889

Backport to 3.10 needed
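
A pre-start check for the conflict reported above, written as an added example (not code from the reporter or from openshift-ansible): it scans LDAP identity providers for `insecure` set together with a `ca` path. It assumes the rendered master-config has already been parsed into a dict; the sample data, the second provider and the function names are constructed for illustration.

```python
import json

# Constructed sample: the oauthConfig portion of a rendered master-config.yaml,
# already parsed into a dict (written as JSON so only the standard library is used).
SAMPLE = json.loads("""
{"oauthConfig": {"identityProviders": [
  {"name": "my_ldap_provider", "challenge": true, "login": true,
   "provider": {"kind": "LDAPPasswordIdentityProvider",
                "insecure": true,
                "ca": "/etc/origin/master/my_ldap_provider_ldap_ca.crt",
                "url": "ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid"}},
  {"name": "tls_ldap_provider", "challenge": true, "login": true,
   "provider": {"kind": "LDAPPasswordIdentityProvider",
                "insecure": false,
                "ca": "/etc/origin/master/tls_ldap_provider_ldap_ca.crt",
                "url": "ldaps://ldap.example.com:636/ou=users,dc=example,dc=com?uid"}}
]}}
""")


def is_true(value):
    """Accept real booleans and the quoted 'true' form used in the inventory."""
    return value is True or str(value).strip().lower() == "true"


def find_ca_insecure_conflicts(master_config):
    """Return one finding per LDAP provider that sets both insecure and ca."""
    findings = []
    providers = master_config.get("oauthConfig", {}).get("identityProviders") or []
    for index, entry in enumerate(providers):
        provider = entry.get("provider") or {}
        if provider.get("kind") != "LDAPPasswordIdentityProvider":
            continue  # the reported validation error concerns the LDAP provider
        ca = provider.get("ca") or ""
        if is_true(provider.get("insecure")) and ca:
            findings.append({
                "path": "oauthConfig.identityProviders[%d].provider.ca" % index,
                "name": entry.get("name"),
                "ca": ca,
            })
    return findings


if __name__ == "__main__":
    for f in find_ca_insecure_conflicts(SAMPLE):
        print("%(path)s: %(name)s sets ca=%(ca)r together with insecure=true" % f)
```
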