Bug 2052095
Summary: | Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | brad.williams |
Component: | Management Console | Assignee: | Jon Jackson <jonjacks> |
Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.10 | CC: | aos-bugs, jhadvig, spadgett, wking, yanpzhan |
Target Milestone: | --- | ||
Target Release: | 4.11.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-08-10 10:48:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2052644 |
Description
brad.williams
2022-02-08 17:11:24 UTC
Could reproduce this issue.

Steps to reproduce:
1. Launch a 4.9.19 cluster. Log in to the web console and keep the console page open.
2. Upgrade to 4.10.0-rc.1.
[root@MiWiFi-R1CM ~]# oc get clusterversions.config.openshift.io version
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.10.0-rc.1 True False 2m16s Cluster version is 4.10.0-rc.1
3. Go back to the console page, log out, and try to log in again. Could not log in successfully; the page always redirects in an auth loop (URL is <console>/error?error=invalid_state&error_type=auth). Check the console pod logs:
[root@MiWiFi-R1CM ~]# oc logs console-6dcc484766-llklk -n openshift-console
W0209 07:47:29.207445 1 main.go:212] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
I0209 07:47:29.207860 1 main.go:342] cookies are secure!
E0209 07:47:34.452054 1 auth.go:232] error contacting auth provider (retrying in 10s): Get "https://kubernetes.default.svc/.well-known/oauth-authorization-server": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
I0209 07:47:44.479196 1 main.go:766] Binding to [::]:8443...
I0209 07:47:44.479226 1 main.go:768] using TLS
E0209 08:06:38.639592 1 auth.go:377] state in url does not match State cookie
E0209 08:08:29.246487 1 auth.go:377] state in url does not match State cookie
E0209 08:09:33.499223 1 auth.go:377] state in url does not match State cookie
E0209 08:11:09.797095 1 auth.go:377] state in url does not match State cookie
E0209 08:11:21.765905 1 auth.go:377] state in url does not match State cookie
E0209 08:11:32.214733 1 auth.go:377] state in url does not match State cookie
E0209 08:11:42.850703 1 auth.go:377] state in url does not match State cookie
E0209 08:11:53.525761 1 auth.go:377] state in url does not match State cookie
E0209 08:12:05.074924 1 auth.go:377] state in url does not match State cookie
E0209 08:12:17.508334 1 auth.go:377] state in url does not match State cookie
E0209 08:12:28.424593 1 auth.go:377] state in url does not match State cookie
E0209 08:12:40.598219 1 auth.go:377] state in url does not match State cookie
E0209 08:12:51.919708 1 auth.go:377] state in url does not match State cookie
E0209 08:13:03.526585 1 auth.go:377] state in url does not match State cookie
E0209 08:13:15.056684 1 auth.go:377] state in url does not match State cookie
E0209 08:13:26.318823 1 auth.go:377] state in url does not match State cookie
E0209 08:13:45.582149 1 auth.go:377] state in url does not match State cookie
4. Clear browser cookies and try to log in to the console; could log in now.

Steps to verify:
1. Launch a 4.10 cluster with payload 4.10.0-0.nightly-2022-02-09-111355.
2. Log in to the web console and keep the console page open.
3. Upgrade the cluster to 4.11.0-0.nightly-2022-02-10-031822.
4. Go back to the console page, log out, and try to log in again; could log in successfully now.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2022:5069
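Added example (not part of the bug report and not OpenShift console code): a small triage script that scans console pod logs in the klog format shown above and reports bursts of the "state in url does not match State cookie" error, which is how the redirect loop shows up server-side. The 30-second gap, the five-hit threshold and the year 2022 are assumptions chosen for this sample.

```python
import re
from datetime import datetime, timedelta

# klog header: severity letter, MMDD, time, thread id, file:line] message
KLOG = re.compile(r"^([IWEF])(\d{4}) (\d{2}:\d{2}:\d{2}\.\d{6})\s+\d+ ([\w.]+):\d+\] (.*)$")
STATE_MISMATCH = "state in url does not match State cookie"

# Lines copied from the console pod log excerpt on this page.
SAMPLE = """\
I0209 07:47:29.207860 1 main.go:342] cookies are secure!
I0209 07:47:44.479226 1 main.go:768] using TLS
E0209 08:06:38.639592 1 auth.go:377] state in url does not match State cookie
E0209 08:08:29.246487 1 auth.go:377] state in url does not match State cookie
E0209 08:11:09.797095 1 auth.go:377] state in url does not match State cookie
E0209 08:11:21.765905 1 auth.go:377] state in url does not match State cookie
E0209 08:11:32.214733 1 auth.go:377] state in url does not match State cookie
E0209 08:11:42.850703 1 auth.go:377] state in url does not match State cookie
E0209 08:11:53.525761 1 auth.go:377] state in url does not match State cookie
""".splitlines()


def parse(line, year=2022):
    """Return (timestamp, severity, source file, message), or None if not klog."""
    m = KLOG.match(line.strip())
    if not m:
        return None
    sev, mmdd, clock, src, msg = m.groups()
    # klog omits the year, so the caller supplies it (assumption: 2022).
    ts = datetime.strptime(f"{year}{mmdd} {clock}", "%Y%m%d %H:%M:%S.%f")
    return ts, sev, src, msg


def find_login_loops(lines, max_gap=timedelta(seconds=30), min_hits=5):
    """Report bursts of state-mismatch errors as (first, last, count).

    A burst is a run of errors each within max_gap of the previous one. An
    isolated mismatch is one failed login; a long burst suggests a loop.
    max_gap and min_hits are assumed thresholds, tune them per cluster.
    """
    bursts, current = [], []
    for ts, sev, _src, msg in filter(None, map(parse, lines)):
        if sev != "E" or STATE_MISMATCH not in msg:
            continue
        if current and ts - current[-1] > max_gap:
            bursts.append(current)
            current = []
        current.append(ts)
    if current:
        bursts.append(current)
    return [(b[0], b[-1], len(b)) for b in bursts if len(b) >= min_hits]


if __name__ == "__main__":
    for first, last, count in find_login_loops(SAMPLE):
        print(f"possible OAuth redirect loop: {count} state mismatches, {first} to {last}")
```

To use it on a live cluster, save the output of `oc logs <console-pod> -n openshift-console` to a file and pass its lines to `find_login_loops`.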