Bug 1804901
| Summary: | [3.11] - oc login fails with 400 bad gateway | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Vladislav Walek <vwalek> |
| Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> |
| Status: | CLOSED NOTABUG | QA Contact: | scheng |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.11.0 | CC: | aos-bugs, mfojtik, scuppett, slaznick, tmanor |
| Target Milestone: | --- | ||
| Target Release: | 3.11.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-21 09:19:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Vladislav, could you please add logs from the failing master that will contain the failed attempts of oc login? I've been unable to retrieve files from customer portal lately but I would have expected you adding them here when creating the BZ anyway. Not sure if any KB article was created but this is still in my assigned bugs and I don't like that, closing. |
Description of problem: When trying to oc login to the first master, the login fails with error 400 bad gateway: I0207 17:14:38.349478 78029 helpers.go:201] server response object: [{ "metadata": {}, "status": "Failure", "message": "Internal error occurred: unexpected response: 400", "reason": "InternalError", "details": { "causes": [ { "message": "unexpected response: 400" After checking we found that the problem is in URL: I0207 17:14:38.251082 78029 round_trippers.go:383] GET https://<master-api>/oauth/authorize?client_id=openshift-challenging-client&code_challenge=TCyOGjmo1xkJT5WHCSVzLSKj7a21q0wzHBWf8UsUJhM&code_challenge_method=S256&redirect_uri=https%3A%2F%2F<master-api>%2Foauth%2Ftoken%2Fimplicit&response_type=code When running the same URL with curl, the result is: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."} * Connection #0 to host <master-api> left intact Customer found that this is happening when trying to login against the first master: # oc login https://master1... If running against LB or master2 or 3 - it works as expected. Also to note, master1 was taken out from the LB due it caused the issues with login. Version-Release number of selected component (if applicable): OpenShift Container Platform 3.11 How reproducible: not reproducible Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: