Can you make sure when you first visit the console (before logging in) you
use the public URL? One reason you'd see that error is if you visited
https://master1.my.net:8443/console/ first instead of the public URL.

On Wed, May 16, 2018 at 7:34 PM, Dan Pungă <dan.pu...@gmail.com> wrote:

> Thanks for the reply Sam!
>
> Unfortunately with this setup I get only the "invalid request" page that
> I've attached previously. But now the URL stays on
> loadbalance.my.net:8443/console:
>
> https://loadbalance.my.net:8443/console/error?error=invalid_request&error_description=Client%20state%20could%20not%20be%20verified&error_uri=
>
> The new configMap looks like this:
>
> apiVersion: v1
> data:
>   webconsole-config.yaml: |
>     apiVersion: webconsole.config.openshift.io/v1
>     clusterInfo:
>       consolePublicURL: https://loadbalance.my.net:8443/console/
>       loggingPublicURL: https://kibana.apps.my.net
>       logoutPublicURL: ''
>       masterPublicURL: https://loadbalance.my.net:8443
>       metricsPublicURL: https://hawkular-metrics.apps.my.net/hawkular/metrics
>     extensions:
>       properties: {}
>       scriptURLs: []
>       stylesheetURLs: []
>     features:
>       clusterResourceOverridesEnabled: false
>       inactivityTimeoutMinutes: 0
>     kind: WebConsoleConfiguration
>     servingInfo:
>       bindAddress: 0.0.0.0:8443
>       bindNetwork: tcp4
>       certFile: /var/serving-cert/tls.crt
>       clientCA: ''
>       keyFile: /var/serving-cert/tls.key
>       maxRequestsInFlight: 0
>       namedCertificates: null
>       requestTimeoutSeconds: 0
> kind: ConfigMap
> metadata:
>   creationTimestamp: 2018-05-16T23:11:11Z
>   name: webconsole-config
>   namespace: openshift-web-console
>   resourceVersion: "1187596"
>   selfLink: /api/v1/namespaces/openshift-web-console/configmaps/webconsole-config
>   uid: 6c33acdd-595e-11e8-8a63-fa163ed601cb
>
> The new oauthclient/openshift-web-console is now:
>
> apiVersion: v1
> grantMethod: auto
> kind: OAuthClient
> metadata:
>   creationTimestamp: 2018-05-16T23:20:11Z
>   name: openshift-web-console
>   resourceVersion: "1189032"
>   selfLink: /oapi/v1/oauthclients/openshift-web-console
>   uid: ae780fee-595f-11e8-8a63-fa163ed601cb
> redirectURIs:
> - https://loadbalance.my.net:8443/console
> - https://master1.my.net:8443/console
> - https://master2.my.net:8443/console
>
> Anything else I need to check maybe?
>
>
> On 17.05.2018 01:32, Sam Padgett wrote:
>
> I'd make these updates to the config map:
>
> consolePublicURL: https://loadbalance.my.net:8443/console/
> masterPublicURL: https://loadbalance.my.net:8443
>
> Then edit the OAuth client as cluster-admin to add the console public URL
> to the allowed callbacks.
>
> $ oc patch oauthclient/openshift-web-console -p '{"redirectURIs":["https://loadbalance.my.net:8443/"]}'
>
> Editing the OAuth client should fix the invalid request error on login.
>
> Sam
>
>
> On Wed, May 16, 2018 at 6:03 PM, Dan Pungă <dan.pu...@gmail.com> wrote:
>
>> Hello all!
>>
>> I'm setting up a recently installed Openshift Origin v3.9 and I've
>> discovered a problem with the web-console.
>> The environment has 2 masters: master1 and master2 and a loadbalancer,
>> all installed via openshift-ansible.
>> I'm accessing the web-console UI with https://loadbalance.my.net:8443
>> I've noticed some problems with the login form in the webconsole, where I
>> got some error about invalid request (attached image). On a second attempt
>> I can log in successfully.
>>
>> A second problem, maybe unrelated, is the content of the
>> webconsole-config configmap which has:
>> consolePublicURL: https://master1.my.net:8443/console/
>> loggingPublicURL: https://....
>> logoutPublicURL: ''
>> masterPublicURL: https://master1.my.net:8443
>>
>> This looks like the configuration uses only the master1. I've tried
>> modifying the values for consolePublicURL and masterPublicURL to point to
>> loadbalance.my.net:8443, but after pod restart I get a json response
>> with invalid request and the console doesn't load.
>> I've checked the master-config.yaml on both masters and it "looks" fine
>> to me:
>>
>> masterPublicURL: https://master1.my.net:8443
>>   assetPublicURL: https://master1.my.net:8443/console/
>>   masterPublicURL: https://master1.my.net:8443
>>   masterURL: https://loadbalance.my.net:8443
>>   subdomain: my.net
>>
>> and the equivalent for master2.
>>
>> Also, I've read through the archives and I've checked the
>> oauthclient/openshift-web-console resource which is
>>
>> apiVersion: v1
>> grantMethod: auto
>> kind: OAuthClient
>> metadata:
>>   creationTimestamp: 2018-05-11T13:09:54Z
>>   name: openshift-web-console
>>   resourceVersion: "1123438"
>>   selfLink: /oapi/v1/oauthclients/openshift-web-console
>>   uid: 98c50270-551c-11e8-a51b-fa163ed601cb
>> redirectURIs:
>> - https://master1.my.net:8443/console/
>> - https://master2.my.net:8443/console/
>>
>>
>> Do you have any ideas about these 2 issues? Especially the second one.
>>
>> Thank you for any help in advance,
>> Dan Pungă
>>
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
>
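
Added example, not part of the original messages and not OpenShift code: a small consistency check over the three things this thread keeps comparing (consolePublicURL, the OAuth client's redirectURIs, and the URL the browser first visits), run against the values quoted above. The function names and finding codes are hypothetical, and it assumes a redirect is accepted when a registered URI equals or prefixes it and that the console's OAuth callback sits under consolePublicURL.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(),
            p.port or {"https": 443, "http": 80}.get(p.scheme))

def covered(url, registered):
    """Assumed rule: allowed if a registered URI equals or prefixes the URL."""
    return any(url.startswith(r) for r in registered)

def check_console_oauth(console_url, redirect_uris, entry_url):
    """Return finding codes; an empty list means the three settings agree."""
    findings = []
    # Assumption: the console's OAuth callback lives under consolePublicURL.
    if not covered(console_url, redirect_uris):
        findings.append("console-url-not-in-redirect-uris")
    # Sam's point: entering at a node URL instead of the public URL is one
    # way to end up with "Client state could not be verified".
    if origin(entry_url) != origin(console_url):
        findings.append("entry-origin-differs-from-console-url")
    # Under prefix matching, a registered URI with no path covers every
    # path on that host, which is broader than the console needs.
    if any(urlsplit(r).path in ("", "/") for r in redirect_uris):
        findings.append("host-wide-redirect-uri")
    return findings

# Values taken from the thread above.
LB = "https://loadbalance.my.net:8443/console/"
ORIGINAL_URIS = ["https://master1.my.net:8443/console/",
                 "https://master2.my.net:8443/console/"]
UPDATED_URIS = ["https://loadbalance.my.net:8443/console",
                "https://master1.my.net:8443/console",
                "https://master2.my.net:8443/console"]

if __name__ == "__main__":
    # First attempt: config map points at the load balancer, client does not.
    print(check_console_oauth(LB, ORIGINAL_URIS, LB))
    # After the update, but the browser starts at master1.
    print(check_console_oauth(LB, UPDATED_URIS,
                              "https://master1.my.net:8443/console/"))
    # After the update, starting at the public URL.
    print(check_console_oauth(LB, UPDATED_URIS, LB))
```
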