Description of problem: after adding customized login, providers and error templates, authentication pods failed to start Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-06-26-035408 How reproducible: Always Steps to Reproduce: 1. Create template files # oc adm create-login-template > login.html # oc adm create-provider-selection-template > providers.html # oc adm create-error-template > errors.html 2. Create secret using template files # oc create secret generic login-template --from-file=/root/yapei/oauth-files/login.html -n openshift-config secret/login-template created # oc create secret generic error-template --from-file=/root/yapei/oauth-files/errors.html -n openshift-config secret/error-template created # oc create secret generic providers-template --from-file=/root/yapei/oauth-files/providers.html -n openshift-config secret/providers-template created 3. Edit oauth cluster, add templates # oc get oauth cluster -o json | jq '.spec' { "identityProviders": [ { "htpasswd": { "fileData": { "name": "htpass-secret" } }, "mappingMethod": "claim", "name": "flexy-htpasswd-provider", "type": "HTPasswd" }, { "htpasswd": { "fileData": { "name": "htpasswd-rjbmr" } }, "mappingMethod": "claim", "name": "qehtpasswd", "type": "HTPasswd" } ], "templates": { "error": { "name": "error-template" }, "login": { "name": "login-template" }, "providerSelection": { "name": "providers-template" } } } Actual results: 3. new authentication pods is in CrashLoopBackOff status, and there is runtime error # oc get pods -n openshift-authentication NAME READY STATUS RESTARTS AGE oauth-openshift-77f7975575-wlzfk 0/1 CrashLoopBackOff 2 52s oauth-openshift-7f4cdc57cb-7qtvf 1/1 Running 0 7m41s oauth-openshift-7f4cdc57cb-lcr54 1/1 Running 0 7m54s # oc logs -f oauth-openshift-77f7975575-wlzfk -n openshift-authentication Copying system trust bundle I0630 05:50:13.521096 1 dynamic_serving_content.go:111] Loaded a new cert/key pair for "serving-cert::/var/config/system/secrets/v4-0-config-system-serving-cert/tls.crt::/var/config/system/secrets/v4-0-config-system-serving-cert/tls.key" I0630 05:50:13.521435 1 dynamic_serving_content.go:111] Loaded a new cert/key pair for "sni-serving-cert::/var/config/system/secrets/v4-0-config-system-router-certs/apps.qe-ui46-0630.qe.devcluster.openshift.com::/var/config/system/secrets/v4-0-config-system-router-certs/apps.qe-ui46-0630.qe.devcluster.openshift.com" panic: open /var/config/user/template/secret/v4-0-config-user-template-error/errors.html: no such file or directory goroutine 1 [running]: github.com/openshift/oauth-server/pkg/oauthserver.(*OAuthServerConfig).buildHandlerChainForOAuth(0xc000463c80, 0x1f67660, 0xc00040ca00, 0xc000445d40, 0x1977480, 0xc00095b4f8) github.com/openshift/oauth-server@/pkg/oauthserver/oauth_apiserver.go:307 +0xee k8s.io/apiserver/pkg/server.completedConfig.New.func1(0x1f67660, 0xc00040ca00, 0x1f67660, 0xc00040ca00) k8s.io/apiserver.2/pkg/server/config.go:535 +0x45 k8s.io/apiserver/pkg/server.NewAPIServerHandler(0x1c1a852, 0xf, 0x1fab520, 0xc00067fc20, 0xc00095b710, 0x0, 0x0, 0xc00040c980) k8s.io/apiserver.2/pkg/server/handler.go:96 +0x2cc k8s.io/apiserver/pkg/server.completedConfig.New(0xc000445d40, 0x0, 0x0, 0x1c1a852, 0xf, 0x1fc7d20, 0x2dd89a8, 0xc000445d40, 0x0, 0x0) k8s.io/apiserver.2/pkg/server/config.go:537 +0x124 github.com/openshift/oauth-server/pkg/oauthserver.completedOAuthConfig.New(0xc00040c980, 0xc000463c88, 0x1fc7d20, 0x2dd89a8, 0x4, 0x1fa9320, 0xc000580190) github.com/openshift/oauth-server@/pkg/oauthserver/oauth_apiserver.go:290 +0x70 github.com/openshift/oauth-server/pkg/cmd/oauth-server.RunOsinServer(0xc000496300, 0xc000236360, 0xc1c, 0xe1c) github.com/openshift/oauth-server@/pkg/cmd/oauth-server/server.go:41 +0x89 github.com/openshift/oauth-server/pkg/cmd/oauth-server.(*OsinServer).RunOsinServer(0xc0003aa890, 0xc000236360, 0xc0006cbaa0, 0x5eb040) github.com/openshift/oauth-server@/pkg/cmd/oauth-server/cmd.go:91 +0x286 github.com/openshift/oauth-server/pkg/cmd/oauth-server.NewOsinServer.func1(0xc0000cd900, 0xc0003049e0, 0x0, 0x2) github.com/openshift/oauth-server@/pkg/cmd/oauth-server/cmd.go:39 +0xf2 github.com/spf13/cobra.(*Command).execute(0xc0000cd900, 0xc000304980, 0x2, 0x2, 0xc0000cd900, 0xc000304980) github.com/spf13/cobra.5/command.go:830 +0x2aa github.com/spf13/cobra.(*Command).ExecuteC(0xc0000cd680, 0xc0000cd680, 0x0, 0x0) github.com/spf13/cobra.5/command.go:914 +0x2fb github.com/spf13/cobra.(*Command).Execute(...) github.com/spf13/cobra.5/command.go:864 main.main() github.com/openshift/oauth-server@/cmd/oauth-server/main.go:41 +0x302 Expected results: 3. new authentication pods should be started successfully Additional info:
in operator pod authentication-operator-7f6fb6765c-fpqk7 logs, found: "oauthConfig": map[string]interface{}{ "templates": map[string]interface{}{ "error": string("/var/config/system/secrets/v4-0-config-system-ocp-branding-template/errors.html"), - "login": string("/var/config/system/secrets/v4-0-config-system-ocp-branding-template/login.html"), + "login": string("/var/config/user/template/secret/v4-0-config-user-template-login/login.html"), - "providerSelection": string("/var/config/system/secrets/v4-0-config-system-ocp-branding-template/providers.html"), + "providerSelection": string("/var/config/user/template/secret/v4-0-config-user-template-provider-selection/providers.html"), } $ oc rsh -n openshift-authentication oauth-openshift-557f8fd675-jbn6z sh-4.2# ls /var/config/system/secrets/v4-0-config-system-ocp-branding-template/ errors.html login.html providers.html The path is /var/config/system/secrets/v4-0-config-system-ocp-branding-template/ but the pod tries to open /var/config/user/template/secret/v4-0-config-user-template-error/errors.html: no such file or directory
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196