Open tenfourty opened 7 years ago
Think I know what this is, we switched to automatically create the openshift routes (or ingress rules if running plain Kubernetes). When generating the hostnames we changed to include the namespace in the route just as we do for ingress.
The proper fix is to update the console oauthclient to include the namespace but it would be best to do that next week whilst also updating to use the f-m-p 3.x.
Until then I'll update the exposecontroller so that the namespace isn't included in the hostname so the oathclient matches.
We've not yet versioned the ingress controller as it's quite new so you can just SSH to the VM and docker pull fabric8/exposecontroller:latest
, delete all your routes (oc delete routes --all
) and bounce the exposecontroller pod. The routes should all be recreated without the namespace and therefore match the oauthclient redirect so that you're able to log in.
Will get the fabric8-console updated next week to include the namespace as a proper fix but this at least should get past the issue.
Thanks for spotting and reporting this!
Thanks @rawlingsj that hack/workaround fixed the routes when I bounced the exposecontroller pod.
Login with oauth still doesn't work though, I seem to end up in an infinite loop when trying to login on the fabric8 console.
○ → oc get routes
NAME HOST/PORT PATH SERVICE TERMINATION LABELS
fabric8 fabric8.192.168.11.71.xip.io fabric8 provider=fabric8
fabric8-docker-registry fabric8-docker-registry.192.168.11.71.xip.io fabric8-docker-registry provider=fabric8
fabric8-forge fabric8-forge.192.168.11.71.xip.io fabric8-forge provider=fabric8
gogs gogs.192.168.11.71.xip.io gogs provider=fabric8
gogs-ssh gogs-ssh.192.168.11.71.xip.io gogs-ssh provider=fabric8
jenkins jenkins.192.168.11.71.xip.io jenkins provider=fabric8
jenkins-jnlp jenkins-jnlp.192.168.11.71.xip.io jenkins-jnlp provider=fabric8
nexus nexus.192.168.11.71.xip.io nexus provider=fabric8
○ → oc get oauthclient fabric8
NAME SECRET WWW-CHALLENGE REDIRECT URIS
fabric8 FALSE http://localhost:9090,http://localhost:2772,http://localhost:9000,http://fabric8.192.168.11.71.xip.io,https://fabric8.192.168.11.71.xip.io,http://192.168.11.71:30259
Also I don't think an oauth client is setup for gogs either - should it be?
Dam! Ok thanks @tenforty, I'll recreate the problem and make sure the next fix actually means we can log in next time :)
Just recreated the issue and was able to log into the fabric8 console after updating the origin CORS whitelist and restarting the origin container.
Not sure if there's a better way just but here's what I did..
oc get -o jsonpath="{.spec.host}" route fabric8
copy the output, should be something like..
fabric8.192.168.99.101.xip.io
then add the hostname from above to the origin master config..
docker-machine ssh openshift
sudo vi /var/lib/origin/openshift.local.config/master/master-config.yaml
add the fabric8 console hostname, should look like this..
corsAllowedOrigins:
- 127.0.0.1
- 192.168.99.101:8443
- localhost
- fabric8.192.168.99.101.xip.io
now restart the origin master from inside the docker-machine..
docker restart origin
You should be able to log into the fabric8 console now. I'll write up a getting started guide for oc cluster up
if this works.
Also I just noticed that oc cluster up
suggests to use the developer:developer username and password to login. If you use this account then you'll need to give it permissions to see the default team that was created. Easiest way to do this is run
oc adm policy add-cluster-role-to-user cluster-admin developer
BTW it seems a bit sluggish, probably because its using vagrant and virtualbox - I still prefer minishift ;)
I added some docs to the getting started guide. Looks like there's a problem with the circleci env so the websites not updated yet but till then https://github.com/fabric8io/fabric8/blob/master/docs/getStarted/ocClusterUp.md
Website appears updated.
I reordered the instructions in fabric8io/fabric8#6467 so that they appear in the order they should be run.
Just playing with the new
oc cluster up
command in OpenShift v1.3.0-alpha.3 and I've run into an issues that seems to be caused with the way oauth is setup:Steps to repeat on a mac with Docker for Mac installed, I tried to follow the fabric8 docs as closely as possible:
Wait for all the fabric8 pods to be deployed.
As you can see the routes are all setup correctly and you can login to the openshift console to see everything deployed and working - default login for this is developer/developer.
At this point if you try to access the fabric8 console you will run into an oauth issue, so instead get the fabric8 oauth config:
The issue seems to be that gofabric8 doesn't setup the oauth config correctly for the fabric8 client - it is failing to take into account the namespace of the project even though it setups the routes correctly oauth isn't setup right.