I'm using https://loadbalance.my.net:8443 to access the web console, yes.
I'm really stuck with this one and it seems there isn't much discussion
on this topic, not even previous bugs of this sort that I can find.
I've tried different versions for the 2 configurations (the configMap
and the oauthclient file) with no result.
On 17.05.2018 16:46, Sam Padgett wrote:
Can you make sure when you first visit the console (before logging in)
you use the public URL? One reason you'd see that error is if you
visited https://master1.my.net:8443/console/ first instead of the
public URL.
On Wed, May 16, 2018 at 7:34 PM, Dan Pungă <dan.pu...@gmail.com> wrote:
Thanks for the reply Sam!
Unfortunately with this setup I get only the "invalid request"
page that I've attached previously. But now the URL stays on
loadbalance.my.net:8443/console:
https://loadbalance.my.net:8443/console/error?error=invalid_request&error_description=Client%20state%20could%20not%20be%20verified&error_uri=
The new configMap looks like this:
apiVersion: v1
data:
  webconsole-config.yaml: |
    apiVersion: webconsole.config.openshift.io/v1
    clusterInfo:
      consolePublicURL: https://loadbalance.my.net:8443/console/
      loggingPublicURL: https://kibana.apps.my.net
      logoutPublicURL: ''
      masterPublicURL: https://loadbalance.my.net:8443
      metricsPublicURL: https://hawkular-metrics.apps.my.net/hawkular/metrics
    extensions:
      properties: {}
      scriptURLs: []
      stylesheetURLs: []
    features:
      clusterResourceOverridesEnabled: false
      inactivityTimeoutMinutes: 0
    kind: WebConsoleConfiguration
    servingInfo:
      bindAddress: 0.0.0.0:8443
      bindNetwork: tcp4
      certFile: /var/serving-cert/tls.crt
      clientCA: ''
      keyFile: /var/serving-cert/tls.key
      maxRequestsInFlight: 0
      namedCertificates: null
      requestTimeoutSeconds: 0
kind: ConfigMap
metadata:
  creationTimestamp: 2018-05-16T23:11:11Z
  name: webconsole-config
  namespace: openshift-web-console
  resourceVersion: "1187596"
  selfLink: /api/v1/namespaces/openshift-web-console/configmaps/webconsole-config
  uid: 6c33acdd-595e-11e8-8a63-fa163ed601cb
The new oauthclient/openshift-web-console is now:
apiVersion: v1
grantMethod: auto
kind: OAuthClient
metadata:
  creationTimestamp: 2018-05-16T23:20:11Z
  name: openshift-web-console
  resourceVersion: "1189032"
  selfLink: /oapi/v1/oauthclients/openshift-web-console
  uid: ae780fee-595f-11e8-8a63-fa163ed601cb
redirectURIs:
- https://loadbalance.my.net:8443/console
- https://master1.my.net:8443/console
- https://master2.my.net:8443/console
Anything else I need to check maybe?
On 17.05.2018 01:32, Sam Padgett wrote:
I'd make these updates to the config map:
consolePublicURL: https://loadbalance.my.net:8443/console/
masterPublicURL: https://loadbalance.my.net:8443
Then edit the OAuth client as cluster-admin to add the console
public URL to the allowed callbacks.
$ oc patch oauthclient/openshift-web-console -p '{"redirectURIs":["https://loadbalance.my.net:8443/"]}'
Editing the OAuth client should fix the invalid request error on
login.
Sam
On Wed, May 16, 2018 at 6:03 PM, Dan Pungă <dan.pu...@gmail.com> wrote:
Hello all!
I'm setting up a recently installed OpenShift Origin v3.9 and
I've discovered a problem with the web-console.
The environment has 2 masters: master1 and master2 and a
loadbalancer, all installed via openshift-ansible.
I'm accessing the web-console UI with
https://loadbalance.my.net:8443
I've noticed some problems with the login form in the
webconsole, where I got some error about invalid request
(attached image). On a second attempt I can log in successfully.
A second problem, maybe unrelated, is the content of the
webconsole-config configmap which has:
consolePublicURL: https://master1.my.net:8443/console/
loggingPublicURL: https://....
logoutPublicURL: ''
masterPublicURL: https://master1.my.net:8443
This looks like the configuration uses only the master1. I've
tried modifying the values for consolePublicURL and
masterPublicURL to point to loadbalance.my.net:8443, but after pod restart I get
a json response with invalid request and the console doesn't
load.
I've checked the master-config.yaml on both masters and it
"looks" fine to me:
masterPublicURL: https://master1.my.net:8443
assetPublicURL: https://master1.my.net:8443/console/
masterPublicURL: https://master1.my.net:8443
masterURL: https://loadbalance.my.net:8443
subdomain: my.net
and the equivalent for master2.
Also, I've read through the archives and I've checked the
oauthclient/openshift-web-console resource which is
apiVersion: v1
grantMethod: auto
kind: OAuthClient
metadata:
  creationTimestamp: 2018-05-11T13:09:54Z
  name: openshift-web-console
  resourceVersion: "1123438"
  selfLink: /oapi/v1/oauthclients/openshift-web-console
  uid: 98c50270-551c-11e8-a51b-fa163ed601cb
redirectURIs:
- https://master1.my.net:8443/console/
- https://master2.my.net:8443/console/
Do you have any ideas about these 2 issues? Especially the
second one.
Thank you for any help in advance,
Dan Pungă
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
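
Added example, not part of the thread and not OpenShift code: a Python check of the three things the messages above compare, namely the URL the browser opens, the `clusterInfo` URLs in webconsole-config, and the OAuthClient `redirectURIs`. The function names are hypothetical, the inputs are constructed from values quoted in the thread, and the path-prefix matching rule in `covers` is an assumption rather than something taken from OpenShift.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


def covers(registered, target):
    """Assumed rule: same origin and registered path is a segment prefix of target."""
    if origin(registered) != origin(target):
        return False
    base = urlsplit(registered).path.rstrip("/") + "/"
    path = urlsplit(target).path.rstrip("/") + "/"
    return path.startswith(base)


def check_console_oauth(browser_url, cluster_info, redirect_uris):
    """Return mismatches between browser URL, console config and OAuth client."""
    console = cluster_info["consolePublicURL"]
    master = cluster_info["masterPublicURL"]
    findings = []
    if origin(browser_url) != origin(console):
        findings.append(f"browser opens {browser_url} but consolePublicURL is {console}")
    if origin(console) != origin(master):
        findings.append(f"consolePublicURL and masterPublicURL differ: {console} vs {master}")
    if not any(covers(uri, console) for uri in redirect_uris):
        findings.append(f"no redirectURI covers consolePublicURL {console}")
    return findings


# Constructed inputs, using the values quoted in the thread.
LB = "https://loadbalance.my.net:8443"
MASTER_ONLY = {"consolePublicURL": "https://master1.my.net:8443/console/",
               "masterPublicURL": "https://master1.my.net:8443"}
VIA_LB = {"consolePublicURL": LB + "/console/", "masterPublicURL": LB}
OLD_URIS = ["https://master1.my.net:8443/console/", "https://master2.my.net:8443/console/"]
NEW_URIS = [LB + "/console", "https://master1.my.net:8443/console",
            "https://master2.my.net:8443/console"]

if __name__ == "__main__":
    for name, cfg, uris in [("as installed", MASTER_ONLY, OLD_URIS),
                            ("configMap changed only", VIA_LB, OLD_URIS),
                            ("configMap and OAuthClient changed", VIA_LB, NEW_URIS)]:
        print(name, "->", check_console_oauth(LB, cfg, uris) or "consistent")
```

A clean result only rules out these three mismatches; in the thread the "Client state could not be verified" error was still reported with the third configuration.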