Description of problem: After an OSE 1.1->1.2 upgrade JBoss Dev Studio fails to publish (it just hangs). Doing an oo-accept-broker I now get the following message: "FAIL: Auth passthrough appears not to be enabled, which will break JBossTools and node-to-broker authentication and authentication tokens" JBoss Dev Studio worked before the upgrade.
The format for the remote auth httpd config file changed slightly between the releases. Previously there was a line in /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user.conf that started with "BrowserMatchNoCase" which is updated by the upgrade to: SetEnvIfNoCase Authorization Bearer passthrough However - the upgrade makes an assumption about the name of the conf file where this is configured. Technically it could be named anything. In the reported case it was named /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user-basic.conf to match the sample file it came from. Just copying the updated sample into place fixed the issue. We can't really fix the issue that the file can be named anything. It is probably reasonable to give the 08-broker-fix-conf-remote-user upgrade script some latitude to update conf files with likely names. Conceivably this should be added to the release notes upgrade caveats.
Pull request addressing this can be found at: https://github.com/openshift/enterprise/pull/31 - awaiting review
Verified this bug with the following packages, and PASS. openshift-enterprise-upgrade-broker-1.2.2-1.el6op.noarch openshift-enterprise-upgrade-node-1.2.2-1.el6op.noarch Before upgrade: # cat openshift.conf <--snip--> <Location /broker> AuthName "OpenShift broker API" AuthType Basic AuthUserFile /etc/openshift/htpasswd require valid-user # The node->broker auth is handled in the Ruby code BrowserMatchNoCase ^OpenShift passthrough Allow from env=passthrough # Console traffic will hit the local port. mod_proxy will set this header automatically. SetEnvIf X-Forwarded-For "^$" local_traffic=1 # Turn the Console output header into the Apache environment variable for the broker remote-user plugin SetEnvIf X-Remote-User "(..*)" REMOTE_USER=$1 Allow from env=local_traffic Order Deny,Allow Deny from all Satisfy any </Location> <--snip--> After upgrade: # cat /var/www/openshift/broker/httpd/conf.d/openshift.conf <--snip--> <Location /broker> AuthName "OpenShift broker API" AuthType Basic AuthUserFile /etc/openshift/htpasswd require valid-user # The node->broker auth is handled in the Ruby code SetEnvIfNoCase Authorization Bearer passthrough BrowserMatchNoCase ^OpenShift passthrough Allow from env=passthrough # Console traffic will hit the local port. mod_proxy will set this header automatically. SetEnvIf X-Forwarded-For "^$" local_traffic=1 # Turn the Console output header into the Apache environment variable for the broker remote-user plugin SetEnvIf X-Remote-User "(..*)" REMOTE_USER=$1 Allow from env=local_traffic Order Deny,Allow Deny from all Satisfy any </Location> <--snip--> And oo-accept-broker is PASS. JBoss Tools is working fine against the env.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1275.html