Bug 1654070
| Summary: | Director deployed OCP 3.11: changing openshift_master_identity_providers from allow_all to htpasswd_auth doesn't work | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Marius Cornea <mcornea> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Martin André <m.andre> |
| Status: | CLOSED ERRATA | QA Contact: | Marius Cornea <mcornea> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 14.0 (Rocky) | CC: | athomas, dbecker, gchamoul, ltomasbo, m.andre, mburns, morazi, racedoro, tvignaud |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 14.0 (Rocky) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-9.0.1-0.20181013060904.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-11 11:55:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I've tried re-running the same deploy command after updating the OpenShiftGlobalVariables heat param the same you did, and effectively I could still log in with any user/password. *However* the new configuration was in /etc/origin/master/master-config.yaml After restarting the services with "sudo master-restart api && sudo master-restart controllers" it successfully picked up the new config. I noticed a openshift-node/restart.yml [1] playbook. Maybe we could call this from tripleo after applying the new settings. [1] https://github.com/openshift/openshift-ansible/blob/master/playbooks/openshift-node/restart.yml No doc text required. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:0045 |
Description of problem: Director deployed OCP 3.11: changing openshift_master_identity_providers from allow_all to htpasswd_auth doesn't work: Initial deployment is done with: OpenShiftGlobalVariables: openshift_master_identity_providers: - name: allow_all login: 'true' challenge: true kind: AllowAllPasswordIdentityProvider In a subsequent stack update we set it to htpasswd_auth: OpenShiftGlobalVariables: openshift_master_identity_providers: - name: 'htpasswd_auth' login: 'true' challenge: 'true' kind: 'HTPasswdPasswordIdentityProvider' openshift_master_htpasswd_users: marius: '$apr1$jpBOUqeU$X4jUsMyCHOOp8TFYtPq0v1' But after the stack update succeeds we're still able to log in with any user/pass which points to the new configuration not being applied. Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-9.0.1-0.20181013060891.el7ost.noarch How reproducible: 100% Steps to Reproduce: 1. Deploy openshift overcloud with allow_all openshift_master_identity_providers 2. Set openshift_master_identity_providers to htpasswd_auth 3. Re-run overcloud deploy Actual results: Log in still works with any user/pass which means the new configuration was not applied. Expected results: Log in only works with u: marius p: password. Additional info: