Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1685033

Summary: Can't log into Grafana or Prometheus
Product: OpenShift Container Platform Reporter: Wolfgang Kulhanek <wkulhane>
Component: apiserver-authAssignee: Erica von Buelow <evb>
Status: CLOSED DUPLICATE QA Contact: Chuan Yu <chuyu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: aos-bugs, erooth, minden, mloibl, slaznick, surbania
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-04 11:22:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wolfgang Kulhanek 2019-03-04 08:36:01 UTC 
Description of problem:
In OCP 4.0.0.0.5 (Installer 0.13) I can't log into either Grafana or Prometheus. The GUI spits out an "Internal Server Error" and the oauth-proxy complains about a missing e-mail address for the account.

I tried both kube:admin as well as an account using LDAP authentication.


Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. Install OCP 4 using the Installer 0.13
2. Set up LDAP authentication (not sure that's relevant)
3. Log in with kube:admin (or a cluster-admin user). Failure after authentication succeeds.

Actual results:
oc logs -f grafana-754d4bf6bc-szmlg -c grafana-proxy -n openshift-monitoring

2019/03/04 08:27:44 provider.go:576: 404 GET https://openshift-authentication-openshift-authentication.apps.cluster-4ff4.4ff4.ocp4.opentlc.com/apis/user.openshift.io/v1/users/~ {
  "paths": [
    "/apis",
    "/healthz",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/oauth.openshift.io-startoauthclientsbootstrapping",
    "/metrics"
  ]
}
2019/03/04 08:27:44 oauthproxy.go:635: error redeeming code (client:10.131.0.8:46472): unable to retrieve email address for user from token: got 404 {
  "paths": [
    "/apis",
    "/healthz",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/oauth.openshift.io-startoauthclientsbootstrapping",
    "/metrics"
  ]
}

Expected results:


Additional info:
Comment 2 Standa Laznicka 2019-03-04 11:22:36 UTC 

*** This bug has been marked as a duplicate of bug 1678645 ***