Hide Forgot
Description of problem: When oc login, got error: $ oc login --loglevel=8 I1126 17:40:48.742955 22817 loader.go:359] Config loaded from file /home/openshift/kubeconfig I1126 17:40:48.757998 22817 loader.go:359] Config loaded from file /home/openshift/kubeconfig I1126 17:40:48.758333 22817 round_trippers.go:383] HEAD https://ocp-api.tt.testing:6443/ I1126 17:40:48.758342 22817 round_trippers.go:390] Request Headers: I1126 17:40:48.843410 22817 round_trippers.go:408] Response Status: 403 Forbidden in 85 milliseconds I1126 17:40:48.843431 22817 round_trippers.go:411] Response Headers: I1126 17:40:48.843442 22817 round_trippers.go:414] X-Content-Type-Options: nosniff I1126 17:40:48.843463 22817 round_trippers.go:414] Content-Length: 210 I1126 17:40:48.843475 22817 round_trippers.go:414] Date: Mon, 26 Nov 2018 09:40:48 GMT I1126 17:40:48.843486 22817 round_trippers.go:414] Cache-Control: no-store I1126 17:40:48.843499 22817 round_trippers.go:414] Content-Type: application/json I1126 17:40:48.843576 22817 round_trippers.go:383] GET https://ocp-api.tt.testing:6443/.well-known/oauth-authorization-server I1126 17:40:48.843591 22817 round_trippers.go:390] Request Headers: I1126 17:40:48.843601 22817 round_trippers.go:393] X-Csrf-Token: 1 I1126 17:40:48.845272 22817 round_trippers.go:408] Response Status: 200 OK in 1 milliseconds I1126 17:40:48.845287 22817 round_trippers.go:411] Response Headers: I1126 17:40:48.845295 22817 round_trippers.go:414] Content-Length: 453 I1126 17:40:48.845304 22817 round_trippers.go:414] Date: Mon, 26 Nov 2018 09:40:48 GMT I1126 17:40:48.845310 22817 round_trippers.go:414] Cache-Control: no-store I1126 17:40:48.845316 22817 round_trippers.go:414] Content-Type: application/json I1126 17:40:48.845539 22817 round_trippers.go:383] GET /oauth/authorize?client_id=openshift-challenging-client&code_challenge=h9aIMIsggq_n7jWtriJb4wyUUtTU7wJ74G5s7yzLPyM&code_challenge_method=S256&redirect_uri=%2Foauth%2Ftoken%2Fimplicit&response_type=code I1126 17:40:48.845558 22817 round_trippers.go:390] Request Headers: I1126 17:40:48.845573 22817 round_trippers.go:393] X-Csrf-Token: 1 I1126 17:40:48.845583 22817 round_trippers.go:408] Response Status: in 0 milliseconds I1126 17:40:48.845591 22817 round_trippers.go:411] Response Headers: F1126 17:40:48.845614 22817 helpers.go:119] error: unsupported protocol scheme "" Version-Release number of selected component (if applicable): $ bin/openshift-install version bin/openshift-install v0.4.0-2-gc9d39e1e0a65dbb140725a27e55bad0d00a6026e Terraform v0.11.8 Your version of Terraform is out of date! The latest version is 0.11.10. You can update by downloading from www.terraform.io/downloads.html $ oc version oc v4.0.0-0.66.0 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://ocp-api.tt.testing:6443 kubernetes v1.11.0+d4cacc0 How reproducible: Always Steps to Reproduce: 1. setup cluster with libvirt provider via openshift-install 2. 3. Actual results: error: unsupported protocol scheme "" Expected results: Should not met any error Additional info:
I don't think your expected result is correct. There will always be an error if you try to login w/o having an identity provider set for your cluster. The thing here is - it should probably be a different error informing you about what's actually wrong (in this case, we're missing URLs in the default OAuth config) and we should definitely fix that. Right now there is no default identity providers configuration in 4.0 clusters. If you would like a temporary workaround to be able to login as a random user, you can use the patch commands from https://github.com/openshift/installer/pull/758/files. Importantly, be aware that these commands move your cluster to an unsupported state, so this is by far not the permanent solution. Note that there is a running effort to improve the situation around bootstrapped OAuth: https://github.com/openshift/origin/pull/21580 https://github.com/openshift/cluster-kube-apiserver-operator/pull/152
Simply running `oc login` should not be throwing errors anymore as of https://github.com/openshift/origin/pull/21621. The current workflow is to login as the user kubeadmin with the password from auth/kubeadmin-password from the installation directory to set up your identity providers (which is still under development).
Checked and this has been fixed. Thanks $ bin/openshift-install version bin/openshift-install v0.5.0-master-36-gb4f5ceb6bfde8d3dc0e29f708e0494488ea37ee0 Terraform v0.11.8 Your version of Terraform is out of date! The latest version is 0.11.10. You can update by downloading from www.terraform.io/downloads.html $ oc version oc v4.0.0-0.66.0 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://ocp-api.tt.testing:6443 kubernetes v1.11.0+99b66db $ oc login --server=https://ocp-api.tt.testing:6443 --config=test --insecure-skip-tls-verify=true Authentication required for https://ocp-api.tt.testing:6443 (openshift) Username: kubeadmin Password: Login successful. You have access to the following projects and can switch between them with 'oc project <projectname>': * default kube-public kube-system openshift openshift-apiserver openshift-cluster-api openshift-cluster-dns openshift-cluster-dns-operator openshift-cluster-kube-apiserver-operator openshift-cluster-kube-controller-manager-operator openshift-cluster-kube-scheduler-operator openshift-cluster-machine-approver openshift-cluster-network-operator openshift-cluster-node-tuning-operator openshift-cluster-openshift-apiserver-operator openshift-cluster-openshift-controller-manager-operator openshift-cluster-samples-operator openshift-cluster-version openshift-config openshift-config-managed openshift-console openshift-controller-manager openshift-core-operators openshift-csi-operator openshift-image-registry openshift-infra openshift-ingress openshift-ingress-operator openshift-kube-apiserver openshift-kube-controller-manager openshift-kube-scheduler openshift-machine-config-operator openshift-monitoring openshift-node openshift-operator-lifecycle-manager openshift-sdn openshift-service-cert-signer Using project "default".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758