On Wed, Apr 27, 2016 at 4:40 PM, Jason DeTiberus <[email protected]> wrote:
>
> On Wed, Apr 27, 2016 at 4:19 PM, Robert Wehner <[email protected]> wrote:
>
>> I am using the advanced installation method for Origin using the 3.0.84-1
>> release of the openshift-ansible repo. I am trying to set up my identity
>> providers so the cluster will accept LDAP- and htpasswd-based access using
>> an openshift_master_identity_providers setting in my ansible inventory like
>> this:
>>
>> openshift_master_identity_providers=[{ "name": "ldap_provider", "login" :
>> true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider",
>> "ldap_server" : "ldap.example.com", "ldap_bind_dn" : "",
>> "ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" :
>> "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
>> {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
>> 'HTPasswdPasswordIdentityProvider', 'filename':
>> '/etc/origin/master/htpasswd'}]
>>
>
> openshift_master_identity_providers=[{ 'name': 'ldap_provider', 'login' :
> 'true', 'challenge' : 'true', 'kind' : 'LDAPPasswordIdentityProvider',
> 'url' : 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid',
> 'bind_dn' : '', 'bind_password' : '', 'ldap_insecure' : 'true',
> 'attributes': {'preferredUsername' : 'uid'}}, {'name': 'htpasswd_auth',
> 'login': 'true', 'challenge': 'true', 'kind':
> 'HTPasswdPasswordIdentityProvider', 'filename':
> '/etc/origin/master/htpasswd'}]
>
> Because of the way that ansible serializes content to/from the inventory
> file format, it is actually a json encoded string. There are also issues
> with using boolean values within those json encoded strings when they are
> not quoted. I updated your version using all single quotes (which I believe
> doesn't really matter for the Ansible json parser, but it is required as
> part of the json spec), and also updated some of the format of the ldap entry
> itself.
>

It's been pointed out to me that I had this backwards. Double quotes should be used rather than single quotes to conform with the json spec.

>
>> I've posted this expanded out and easier to read at
>> http://paste.fedoraproject.org/360411/61788028/
>>
>> This setting always fails with this error:
>>
>> TASK: [openshift_master | Install httpd-tools if needed]
>> **********************
>> fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a
>> list or a set
>> FATAL: all hosts have already failed -- aborting
>>
>> I've added a debug statement right before this to print the
>> "openshift.master.identity_providers" variable that ansible is trying to
>> iterate over in this task and it basically looks like a string, not a list:
>>
>> TASK: [openshift_master | debug var=openshift.master.identity_providers]
>> ******
>> ok: [master01.kubtst1.tst.lan.returnpath.net] => {
>>     "var": {
>>         "openshift.master.identity_providers": "[{ \"name\":
>> \"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" :
>> \"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\",
>> \"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" :
>> true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\",
>> \"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login':
>> 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
>> 'filename': '/etc/origin/master/htpasswd'}]"
>>     }
>> }
>>
>> Is this an ansible bug or am I formatting this argument incorrectly? I
>> based the format on the example here:
>> https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables
>>
>>
>> Thanks for any insight,
>>
>>
>>
>> --
>> Robert Wehner
>>
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
>
> --
> Jason DeTiberus
>

--
Jason DeTiberus
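An added example, not part of the original thread or of openshift-ansible: a pre-flight check that an `openshift_master_identity_providers` inventory value is a strict-JSON list before the playbook runs, following the points made in the replies above. The function name, the constructed sample values, and the reading of a true `ldap_insecure` as disabling TLS are assumptions.

```python
import json

def lint_identity_providers(value):
    """Return findings for an openshift_master_identity_providers value ([] = clean)."""
    try:
        providers = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON at column {exc.colno}: {exc.msg}"]
    if not isinstance(providers, list):
        return [f"top level is {type(providers).__name__}, expected a list"]
    findings = []
    for idx, prov in enumerate(providers):
        if not isinstance(prov, dict):
            findings.append(f"entry {idx}: expected an object")
            continue
        label = prov.get("name", f"entry {idx}")
        for key in ("name", "kind"):
            if key not in prov:
                findings.append(f"{label}: missing '{key}'")
        for key, val in prov.items():
            # The reply in the thread reports problems with unquoted booleans.
            if isinstance(val, bool):
                findings.append(f"{label}: '{key}' is an unquoted boolean")
            # Assumption: a key ending in 'insecure' set to true turns TLS off.
            if key.endswith("insecure") and str(val).lower() == "true":
                findings.append(f"{label}: '{key}' is true, confirm TLS to the LDAP server")
    return findings

# Constructed samples modelled on the inventory values quoted in the thread.
MIXED_QUOTES = ('[{"name": "ldap_provider", "login": true, "kind": "LDAPPasswordIdentityProvider"}, '
                "{'name': 'htpasswd_auth', 'kind': 'HTPasswdPasswordIdentityProvider'}]")
STRICT_JSON = json.dumps([
    {"name": "ldap_provider", "login": "true", "challenge": "true",
     "kind": "LDAPPasswordIdentityProvider",
     "url": "ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid",
     "ldap_insecure": "true"},
    {"name": "htpasswd_auth", "login": "true", "challenge": "true",
     "kind": "HTPasswdPasswordIdentityProvider",
     "filename": "/etc/origin/master/htpasswd"},
])

if __name__ == "__main__":
    for sample in (MIXED_QUOTES, STRICT_JSON):
        print(lint_identity_providers(sample) or "clean")
```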
