Hide Forgot
Description of problem: Many auths including LDAPs/htpasswd have been supported in openshift-ansible: https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example#L101-L151, and currently we are able to use the extra_openshift_ansible_params parameter to pass all the openshift-ansible parameters. So it's better to use the parameters related to auths in openshift-ansible directly instead of the parameters in heat-stack envs. Version-Release number of selected component (if applicable): openshift-on-openstack v0.9.1 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Should remove the code and docs related to auth in openshift-on-openstack repo. Additional info:
In future it makes sense to to replace LDAP params with extra_openshift_ansible_params config directly consumable by openshift-ansible. With this switch though it will also be needed to add a mechanism for setting some defaults (htpasswd) if user doesn't pass authentication config explicitly. This has IMO low priority (you can already use this syntax if preferred).
Not sure if "htpasswd" is the best choice for the default authentication. Because we need to add the same users in all the masters manually in HA deployment, and "htpasswd" is not available in containerized deployment.
@Gan: yes, good point. In my previous comment I meant that a logic of "use some default" will have to be added before relying on the JSON format, whatever default value it will be.
I set target release to 3.4.0 to distinguish BZs which will be fixed in a next release.
There appear to be no active cases related to this bug. As such we're closing this bug in order to focus on bugs that are still tied to active customer cases. Please re-open this bug if you feel it was closed in error or a new active case is attached.