Bug 1434875 - mod_auth_mellon package issue in OSP 10/11
Summary: mod_auth_mellon package issue in OSP 10/11
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 13.0 (Queens)
Assignee: Martin Lopes
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
: 1497718 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-22 14:14 UTC by Rodrigo Duarte
Modified: 2018-08-03 03:39 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-03 03:39:25 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Rodrigo Duarte 2017-03-22 14:14:43 UTC
An issue that always happen when configuring federation (Federated Identity feature) is that mod_auth_mellon needs to be reinstalled in the controllers for it to work properly. Below we can check some of the configuration files from the module are missing:

[root@controller-2 ~]# rpm -ql mod_auth_mellon
/etc/httpd/conf.d/auth_mellon.conf
/etc/httpd/conf.modules.d/10-auth_mellon.conf
/run/mod_auth_mellon
/usr/lib/tmpfiles.d/mod_auth_mellon.conf
/usr/lib64/httpd/modules/mod_auth_mellon.so
/usr/libexec/mod_auth_mellon
/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh
/usr/share/doc/mod_auth_mellon-0.11.0
/usr/share/doc/mod_auth_mellon-0.11.0/ECP.rst
/usr/share/doc/mod_auth_mellon-0.11.0/NEWS
/usr/share/doc/mod_auth_mellon-0.11.0/README
/usr/share/licenses/mod_auth_mellon-0.11.0
/usr/share/licenses/mod_auth_mellon-0.11.0/COPYING

[root@controller-2 ~]# ls /etc/httpd/conf.d/ | grep mellon
[root@controller-2 ~]# ls /etc/httpd/conf.modules.d/ | grep mellon

Comment 1 Rodrigo Duarte 2017-03-22 14:15:39 UTC
Set the component to "openstack-tripleo", please reassign it for the correct package if it is the case.

Comment 2 Alex Schultz 2017-03-24 18:42:11 UTC
This is probably happening because puppet (via the apache module) will remove any modules not accounted for in our apache configuration. We would need to explicitly ensure that ::apache::mod::auth_mellon is included when configuring federation with mod_auth_mellon

Comment 6 John Dennis 2017-10-30 20:34:04 UTC
*** Bug 1497718 has been marked as a duplicate of this bug. ***

Comment 7 John Dennis 2017-10-30 20:36:25 UTC
Note: bug #1497718 which was closed as a duplicate of this one contains some additional information concerning how to get mod_auth_mellon under Puppet control, you may wish to review that material.

Comment 9 Martin Lopes 2018-01-10 05:56:20 UTC
Made some light edits to content. Confirmed that John's new section is in the published version of the OSP12 guide: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/federate_with_identity_service/#prerequisites


Note You need to log in before you can comment on or make changes to this bug.