On Wed, Apr 27, 2016 at 4:19 PM, Robert Wehner <[email protected]> wrote:

> I am using the advanced installation method for Origin using the 3.0.84-1
> release of the openshift-ansible repo. I am trying to set up my identity
> providers so the cluster will accept LDAP- and htpasswd-based access using
> an openshift_master_identity_providers setting in my ansible inventory like
> this:
>
> openshift_master_identity_providers=[{ "name": "ldap_provider", "login" :
> true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider",
> "ldap_server" : "ldap.example.com", "ldap_bind_dn" : "",
> "ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" :
> "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
> {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
> 'HTPasswdPasswordIdentityProvider', 'filename':
> '/etc/origin/master/htpasswd'}]
>

openshift_master_identity_providers=[{ 'name': 'ldap_provider', 'login' :
'true', 'challenge' : 'true', 'kind' : 'LDAPPasswordIdentityProvider',
'url' : 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid',
'bind_dn' : '', 'bind_password' : '', 'ldap_insecure' : 'true',
'attributes': {'preferredUsername' : 'uid'}}, {'name': 'htpasswd_auth',
'login': 'true', 'challenge': 'true', 'kind':
'HTPasswdPasswordIdentityProvider', 'filename':
'/etc/origin/master/htpasswd'}]

Because of the way that ansible serializes content to/from the inventory
file format, it is actually a json encoded string. There are also issues
with using boolean values within those json encoded strings when they are
not quoted. I updated your version using all single quotes (which I believe
doesn't really matter for the Ansible json parser, but it is required as
part of the json spec), and also updated some of the format of the ldap entry
itself.


> I've posted this expanded out and easier to read at
> http://paste.fedoraproject.org/360411/61788028/
>
> This setting always fails with this error:
>
> TASK: [openshift_master | Install httpd-tools if needed]
> **********************
> fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a
> list or a set
> FATAL: all hosts have already failed -- aborting
>
> I've added a debug statement right before this to print the
> "openshift.master.identity_providers" variable that ansible is trying to
> iterate over in this task and it basically looks like a string, not a list:
>
> TASK: [openshift_master | debug var=openshift.master.identity_providers]
> ******
> ok: [master01.kubtst1.tst.lan.returnpath.net] => {
>     "var": {
>         "openshift.master.identity_providers": "[{ \"name\":
> \"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" :
> \"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\",
> \"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" :
> true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\",
> \"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login':
> 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
> 'filename': '/etc/origin/master/htpasswd'}]"
>     }
> }
>
> Is this an ansible bug or am I formatting this argument incorrectly? I
> based the format on the example here:
> https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables
>
>
> Thanks for any insight,
>
>
>
> --
> Robert Wehner
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>


-- 
Jason DeTiberus
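
Added example (not part of the original messages, and not Ansible or openshift-ansible code): a Python model of why the first value stayed a string while the rewritten one became a list, plus a check a reviewer would want on the LDAP entry. It assumes the inventory value is tried as a Python literal, then as JSON, and otherwise left as a string; `load_value` and `lint` are hypothetical names, and both inputs are constructed from the values quoted in the thread.

```python
import ast
import json

# Constructed from the thread: the value as first posted (mixed quote styles, bare true).
ORIGINAL = """[{ "name": "ldap_provider", "login" : true, "challenge" : true,
 "kind" : "LDAPPasswordIdentityProvider", "ldap_server" : "ldap.example.com",
 "ldap_bind_dn" : "", "ldap_bind_password" : "", "ldap_insecure" : true,
 "ldap_base_ou" : "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
 {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true',
 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]"""

# Constructed from the thread: the value as rewritten in the reply.
FIXED = """[{'name': 'ldap_provider', 'login': 'true', 'challenge': 'true',
 'kind': 'LDAPPasswordIdentityProvider',
 'url': 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid',
 'bind_dn': '', 'bind_password': '', 'ldap_insecure': 'true',
 'attributes': {'preferredUsername': 'uid'}},
 {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true',
 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]"""

def load_value(raw):
    """Assumed loading chain: Python literal, then JSON, else the raw string."""
    try:
        return ast.literal_eval(raw)   # bare true/false are not Python literals
    except (ValueError, SyntaxError):
        pass
    try:
        return json.loads(raw)         # single-quoted keys are not valid JSON
    except ValueError:
        return raw

def lint(raw):
    """Return findings for one openshift_master_identity_providers value."""
    value = load_value(raw)
    if not isinstance(value, list):
        return ["not a list: value stayed a string, so with_items cannot iterate it"]
    findings = []
    for provider in value:
        plaintext = str(provider.get("url", "")).startswith("ldap://")
        insecure = str(provider.get("ldap_insecure", "")).lower() == "true"
        if plaintext and insecure:
            findings.append(provider["name"] + ": ldap:// with ldap_insecure set, "
                            "so user passwords are sent without TLS")
    return findings

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, type(load_value(raw)).__name__, lint(raw))
```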