Description of problem:
Got the errors below after enabling basic auth for the ASB.

[2018-04-27T07:53:33.354Z] [INFO] - Configured for basic auth
[2018-04-27T07:53:33.354Z] [ERROR] - Error reading username. open /var/run/asb-auth/username: no such file or directory
[2018-04-27T07:53:33.354Z] [ERROR] - we had a problem building the DB for FileUserServiceAdapter. %!(EXTRA *os.PathError=open /var/run/asb-auth/username: no such file or directory)
[2018-04-27T07:53:33.354Z] [WARNING] - Unable to create provider for &{map[type:basic enabled:true] {{0 0} 0 0 0 0}}. open /var/run/asb-auth/username: no such file or directory

Version-Release number of selected component (if applicable):
The ASB version: 1.2.7
Service catalog version: v0.1.13

How reproducible:
always

Steps to Reproduce:
1. Enable the basic auth, like below:
# oc edit cm broker-config
auth:
  - type: basic
    enabled: true
# oc rollout latest dc/asb
2. Check the ASB logs.

Actual results:
Got the errors described above in the original info.

Expected results:
These errors should not occur.

Additional info:
Can you please show me the volumes defined for your deployment config?

oc volumes dc/asb

Also, oc rsh asb.... run mount in the container to see what it thinks it has as well.
I hit this problem recently on a test broker I was working on. The problem I had was I created the auth secret in a directory called /var/run/sb-auth.

volumeMounts:
  - name: config-volume
    mountPath: /etc/ansible-service-broker
  - name: samplebroker-tls
    mountPath: /etc/tls/private
  - name: sb-auth-volume
    mountPath: /var/run/sb-auth

This caused the errors I saw in the original comment. I switched this to be /var/run/asb-auth and it works now. The Automation Broker has a hard-coded path to look for the secret. :(
Jesus, I did not find the corresponding mount path in "DC", as below:

[root@host-172-16-120-63 ~]# oc volumes dc/asb
deploymentconfigs/asb
  configMap/broker-config as config-volume
    mounted at /etc/ansible-service-broker
  secret/asb-tls as asb-tls
    mounted at /etc/tls/private
[root@host-172-16-120-63 ~]# oc rsh asb-6-gdlwm
...
sh-4.2$ pwd
/var/run/asb-auth
sh-4.2$ mount
overlay on / type overlay (rw,relatime,context="system_u:object_r:container_file_t:s0:c0,c11",lowerdir=/var/lib/containers/storage/overlay/l/CQ33AG2HDAG2MZMDQS6MNV2LYE:/var/lib/containers/storage/overlay/l/T53VMYIY7TBDCJBJU7BPZ64QEA:/var/lib/containers/storage/overlay/l/MGXCTOZ2XMVFJMEMPXCHGSYLHH,upperdir=/var/lib/containers/storage/overlay/0570853fcc89c81bb4bfa837a3c13b8b25fc888daa4e04090ef3770107b24e3e/diff,workdir=/var/lib/containers/storage/overlay/0570853fcc89c81bb4bfa837a3c13b8b25fc888daa4e04090ef3770107b24e3e/work)
proc on /proc type proc (rw,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,context="system_u:object_r:container_file_t:s0:c0,c11",gid=5,mode=620,ptmxmode=666)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime,seclabel)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime,seclabel)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,context="system_u:object_r:container_file_t:s0:c0,c11",mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,memory)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,freezer)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,cpuacct,cpu)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,seclabel,net_prio,net_cls)
shm on /etc/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k)
tmpfs on /etc/resolv.conf type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /etc/hostname type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
/dev/mapper/rhel-root on /etc/ansible-service-broker type xfs (ro,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/rhel-root on /etc/hosts type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/rhel-root on /tmp/termination-log type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
tmpfs on /run/secrets type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /etc/tls/private type tmpfs (ro,relatime,seclabel)
tmpfs on /run/secrets/kubernetes.io/serviceaccount type tmpfs (ro,relatime,seclabel)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
tmpfs on /proc/kcore type tmpfs (rw,nosuid,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k,mode=755)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,nosuid,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,nosuid,context="system_u:object_r:container_file_t:s0:c0,c11",size=65536k,mode=755)
tmpfs on /proc/scsi type tmpfs (ro,relatime,seclabel)
tmpfs on /sys/firmware type tmpfs (ro,relatime,seclabel)
Without the auth mountpoint the broker will not be able to use basic auth. It currently looks in the /var/run/asb-auth mountpoint for two files, username and password, which each contain a base64 encoded value. If you are going to change the auth type in the configmap, we require that you create the volume mount and the secret before making that change. We documented what is required to create the secret, the volume mounts, and how to configure the service catalog to use the basic auth credentials.

https://github.com/openshift/ansible-service-broker/blob/master/docs/auth.md#basic-auth
Jesus, Thank you! I followed that doc and it works well!

1) create a secret:
[root@host-172-16-120-86 ~]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: asb-auth-secret
  namespace: openshift-ansible-service-broker
data:
  username: amlhemhh
  password: cmVkaGF0

2) mount it:
[root@host-172-16-120-86 ~]# oc volumes dc/asb
deploymentconfigs/asb
  configMap/broker-config as config-volume
    mounted at /etc/ansible-service-broker
  secret/asb-tls as asb-tls
    mounted at /etc/tls/private
  secret/asb-auth-secret as asb-auth-volume
    mounted at /var/run/asb-auth
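
An added example, not part of the bug thread or the broker's own code: a preflight check for the ordering requirement discussed above, to run before setting the basic auth type to enabled. It reads `oc volumes dc/asb` output and confirms a secret is mounted exactly at /var/run/asb-auth; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check before enabling basic auth in broker-config.
# AUTH_DIR is the path named in the broker's error log in this thread.
AUTH_DIR=/var/run/asb-auth

# Reads `oc volumes dc/asb` output on stdin. Returns 0 only if a secret is
# mounted exactly at AUTH_DIR, 1 otherwise. Whitespace is collapsed first so
# the match works whether or not the output kept its line breaks.
check_auth_mount() {
  flat=$(tr -s '[:space:]' ' ')
  printf '%s\n' "$flat" |
    grep -Eq "(^| )secret/[^ ]+ as [^ ]+ mounted at ${AUTH_DIR}( |\$)"
}

# Run inside the pod: both files the broker opens must exist and be non-empty.
check_auth_files() {
  dir=${1:-$AUTH_DIR}
  for f in username password; do
    if [ ! -s "$dir/$f" ]; then
      echo "missing or empty: $dir/$f" >&2
      return 1
    fi
  done
}

# Constructed samples modelled on the outputs posted in this thread.
SAMPLE_NO_MOUNT='deploymentconfigs/asb
  configMap/broker-config as config-volume
    mounted at /etc/ansible-service-broker
  secret/asb-tls as asb-tls
    mounted at /etc/tls/private'
SAMPLE_WRONG_PATH="$SAMPLE_NO_MOUNT
  secret/asb-auth-secret as sb-auth-volume
    mounted at /var/run/sb-auth"
SAMPLE_OK="$SAMPLE_NO_MOUNT
  secret/asb-auth-secret as asb-auth-volume
    mounted at /var/run/asb-auth"

for name in SAMPLE_NO_MOUNT SAMPLE_WRONG_PATH SAMPLE_OK; do
  eval "out=\$$name"
  if printf '%s\n' "$out" | check_auth_mount; then
    echo "$name: secret mounted at $AUTH_DIR, safe to enable basic auth"
  else
    echo "$name: no secret mounted at $AUTH_DIR, create and mount it first"
  fi
done
```

Against a live cluster the same check is `oc volumes dc/asb | check_auth_mount`, followed by the `oc edit cm broker-config` change only when it returns 0.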
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816