Red Hat Bugzilla – Bug 1623435
KeyError: 'name' is seen when enabling LDAP auth via openshift_master_identity_providers
Last modified: 2018-10-11 03:26:14 EDT
Description of problem: Seem like this is related to ceac075224da886598e3b483aaa9e03978a63af5 commit. Version-Release number of the following components: openshift-ansible-3.11.0-0.25.0.git.0.7497e69.el7.noarch How reproducible: Always Steps to Reproduce: 1. openshift_master_identity_providers=[{'name': 'LDAP_auth', 'login': 'true', 'challenge': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['uid'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'insecure': 'true', 'url': 'ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid'}] 2. trigger install 3. Actual results: Installation quit with the following error, but the error do not prompt user any useful info. TASK [openshift_control_plane : set_fact] ************************************** Wednesday 29 August 2018 18:51:02 +0800 (0:00:00.468) 0:06:47.868 ****** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'name' fatal: [host-8-254-64.host.centralci.eng.rdu2.redhat.com]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""} Expected results: Some useful info should be prompted to user. Additional info: Please attach logs from ansible-playbook with the -vvv flag
PR to fix this in master - https://github.com/openshift/openshift-ansible/pull/9849
3.10 PR - https://github.com/openshift/openshift-ansible/pull/9858
This also happened with kerveros auth on openshift-ansible-3.11.0-0.25.0.git.0.7497e69.el7.noarch. openshift_master_identity_providers=[{'name': 'kerberos_auth', 'login': 'true', 'challenge': 'true', 'mappingMethod': 'claim', 'kind': 'RequestHeaderIdentityProvider', 'headers': ['X-Remote-User'], 'challengeURL': 'https://dhcp-89-143.sjc.redhat.com/challenging-proxy/oauth/authorize?${query}', 'loginURL': 'https://dhcp-89-143.sjc.redhat.com/login-proxy/oauth/authorize?${query}', 'clientCA': '/etc/origin/master/ca.crt'}]
Verified this bug with openshift-ansible-3.11.0-0.28.0.git.0.730d4be.el7.noarch, and PASS. openshift_master_identity_providers=[{'name': 'LDAP_auth', 'login': 'true', 'challenge': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['uid'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'true', 'url': 'ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid'}] TASK [openshift_control_plane : set_fact] ************************************** Thursday 06 September 2018 17:31:34 +0800 (0:00:05.150) 0:32:14.301 **** ok: [dhcp-89-147.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n login: true\n mappingMethod: claim\n name: LDAP_auth\n provider:\n apiVersion: v1\n attributes:\n email:\n - mail\n id:\n - dn\n name:\n - uid\n preferredUsername:\n - uid\n bindDN: ''\n bindPassword: ''\n ca: ''\n insecure: true\n kind: LDAPPasswordIdentityProvider\n url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false} ok: [dhcp-89-137.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n login: true\n mappingMethod: claim\n name: LDAP_auth\n provider:\n apiVersion: v1\n attributes:\n email:\n - mail\n id:\n - dn\n name:\n - uid\n preferredUsername:\n - uid\n bindDN: ''\n bindPassword: ''\n ca: ''\n insecure: true\n kind: LDAPPasswordIdentityProvider\n url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false} ok: [dhcp-89-158.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n login: true\n mappingMethod: claim\n name: LDAP_auth\n provider:\n apiVersion: v1\n attributes:\n email:\n - mail\n id:\n - dn\n name:\n - uid\n preferredUsername:\n - uid\n bindDN: ''\n bindPassword: ''\n ca: ''\n insecure: true\n kind: LDAPPasswordIdentityProvider\n url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2652