Bug 1636122 - Value for 'ca' defaulted to 'name'_ldap_ca.crt when using LDAPPasswordIdentityProvider
Status: CLOSED DUPLICATE of bug 1627764
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.10.z
Assignee: Vadim Rutkovsky
QA Contact: Johnny Liu
Reported: 2018-10-04 13:44 UTC by DzungDo
Modified: 2018-10-04 17:11 UTC (History)

Last Closed: 2018-10-04 17:11:29 UTC

Description DzungDo 2018-10-04 13:44:09 UTC
Description of problem:
When not using "openshift_master_ldap_ca_file", the installer sets the default name for 'ca' to {{name_used_for_identity_provider}}_ldap_ca.crt

Version-Release number of the following components:
$ rpm -q openshift-ansible
openshift-ansible-3.10.47-1.git.0.95bc2d2.el7_5.noarch

$ rpm -q ansible
ansible-2.5.8-1.el7ae.noarch

$ ansible --version
ansible 2.5.8
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/Dzung.Do/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

How reproducible:
Always

Steps to Reproduce:
1. Configure "openshift_master_identity_providers" in variable file as:
  - name: foo_ldap
    kind: LDAPPasswordIdentityProvider
    login: 'true'
    mappingMethod: claim
    challenge: 'true'
    attributes:
      id: ['dn']
      email: ['mail']
      name: ['cn']
      preferredUsername: ['uid']
    ca: ''
    insecure: true

2. Run the installer 

Actual results:
Result in /etc/origin/master/master-config.yaml:
  - challenge: true
    login: true
    mappingMethod: claim
    name: foo_ldap
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      ca: /etc/origin/master/foo_ldap_ldap_ca.crt
      insecure: true

Expected results:
The actual "ca" in /etc/origin/master/master-config.yaml should be empty, as was set in the variables file.

Additional info:
Looking at /usr/share/ansible/openshift-ansible/roles/openshift_control_plane/tasks/main.yml

The default name must have come from line #65?

 63 - name: Create the ldap ca file if needed
 64   copy:
 65     dest: "/etc/origin/master/{{ item.name }}_ldap_ca.crt"
 66     content: "{{ openshift.master.ldap_ca }}"
 67     mode: 0600
 68     backup: yes
 69   when:
 70   - openshift.master.ldap_ca is defined
 71   - item.kind == 'LDAPPasswordIdentityProvider'
 72   with_items: "{{ openshift_master_identity_providers }}"
 73




Comment 1 Vadim Rutkovsky 2018-10-04 17:11:29 UTC

*** This bug has been marked as a duplicate of bug 1627764 ***
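
As an added example (not part of the original report and not openshift-ansible code), the check below compares each LDAPPasswordIdentityProvider's 'ca' in the inventory with the value rendered into master-config.yaml, using constructed samples that mirror the report. The function names and finding codes are assumptions made for illustration.

```python
# Added example (not openshift-ansible code). Inputs are parsed mappings; on a
# host they would be loaded with a YAML parser such as yaml.safe_load (assumed).
LDAP_KIND = "LDAPPasswordIdentityProvider"
ATTRS = {"id": ["dn"], "email": ["mail"], "name": ["cn"], "preferredUsername": ["uid"]}

# Constructed sample: the inventory entry from the steps to reproduce.
INVENTORY_IDPS = [{"name": "foo_ldap", "kind": LDAP_KIND, "login": "true",
                   "mappingMethod": "claim", "challenge": "true",
                   "attributes": ATTRS, "ca": "", "insecure": True}]

# Constructed sample: the identity provider as rendered in master-config.yaml.
RENDERED_IDPS = [{"challenge": True, "login": True, "mappingMethod": "claim",
                  "name": "foo_ldap",
                  "provider": {"apiVersion": "v1", "attributes": ATTRS,
                               "ca": "/etc/origin/master/foo_ldap_ldap_ca.crt",
                               "insecure": True}}]


def as_bool(value):
    """Accept YAML booleans and the quoted 'true'/'false' strings used in inventories."""
    return str(value).strip().lower() in ("true", "yes", "1")


def audit_ldap_ca(inventory_idps, rendered_idps):
    """Return (provider, code, detail) findings for LDAP providers."""
    rendered = {idp.get("name"): idp.get("provider") or {} for idp in rendered_idps}
    findings = []
    for idp in inventory_idps:
        if idp.get("kind") != LDAP_KIND:
            continue
        name = idp.get("name")
        if name not in rendered:
            findings.append((name, "not-rendered", "provider absent from rendered config"))
            continue
        want_ca = idp.get("ca") or ""
        got_ca = rendered[name].get("ca") or ""
        insecure = as_bool(rendered[name].get("insecure", False))
        if want_ca != got_ca:
            findings.append((name, "ca-drift", "inventory=%r rendered=%r" % (want_ca, got_ca)))
        if insecure:
            findings.append((name, "insecure", "insecure is true, so no TLS connection is made"))
        if insecure and got_ca:
            findings.append((name, "ca-with-insecure", "ca=%r is set on a non-TLS provider" % got_ca))
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_ca(INVENTORY_IDPS, RENDERED_IDPS):
        print("%s: %s (%s)" % finding)
```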

