I created a ticket as tricks proposed doesn't resolve the issue https://github.com/openshift/origin-web-console-server/issues/38
On Thu, May 17, 2018 at 5:04 PM, Sam Padgett <[email protected]> wrote: > It's hard to say what's wrong. The config you pasted earlier looks > correct. I'd suggest turning on DEBUG logging for the auth logger to help > troubleshoot. > > https://github.com/openshift/origin-web-console#enable-- > disable-console-log-output > https://developer.mozilla.org/en-US/docs/Learn/Common_ > questions/What_are_browser_developer_tools > > localStorage["OpenShiftLogLevel.auth"] = 'DEBUG'; > > > Note: Don't attach the full output to the list since it might contain > sensitive information. > > On Thu, May 17, 2018 at 10:25 AM, Dan Pungă <[email protected]> wrote: > >> I'm using https://loadbalance.my.net:8443 to access the web console, >> yes. >> >> I'm really stuck with this one and it seems there isn't much discussion >> on this topic, not even previous bugs of this sort that I can find. >> I've tried different versions for the 2 configurations (the configMap and >> the oauthclient file) with no result. >> >> >> On 17.05.2018 16:46, Sam Padgett wrote: >> >> Can you make sure when you first visit the console (before logging in) >> you use the public URL? One reason you'd see that error is if you visited >> https://master1.my.net:8443/console/ first instead of the public URL. >> >> On Wed, May 16, 2018 at 7:34 PM, Dan Pungă <[email protected]> wrote: >> >>> Thanks for the reply Sam! >>> >>> Unfortunately with this setup I get only the "invalid request" page that >>> I've attached previously. But now the URL stays on >>> loadbalance.my.net:8443/console: >>> >>> https://loadbalance.my.net:8443/console/error?error=invalid_ >>> request&error_description=Client%20state%20could%20not%20be% >>> 20verified&error_uri= >>> >>> The new configMap looks like this: >>> >>> apiVersion: v1 >>> data: >>> webconsole-config.yaml: | >>> apiVersion: webconsole.config.openshift.io/v1 >>> clusterInfo: >>> consolePublicURL: https://loadbalance.my.net:8443/console/ >>> loggingPublicURL: https://kibana.apps.my.net >>> logoutPublicURL: '' >>> masterPublicURL: https://loadbalance.my.net:8443 >>> metricsPublicURL: https://hawkular-metrics.apps.my.net >>> /hawkular/metrics >>> extensions: >>> properties: {} >>> scriptURLs: [] >>> stylesheetURLs: [] >>> features: >>> clusterResourceOverridesEnabled: false >>> inactivityTimeoutMinutes: 0 >>> kind: WebConsoleConfiguration >>> servingInfo: >>> bindAddress: 0.0.0.0:8443 >>> bindNetwork: tcp4 >>> certFile: /var/serving-cert/tls.crt >>> clientCA: '' >>> keyFile: /var/serving-cert/tls.key >>> maxRequestsInFlight: 0 >>> namedCertificates: null >>> requestTimeoutSeconds: 0 >>> kind: ConfigMap >>> metadata: >>> creationTimestamp: 2018-05-16T23:11:11Z >>> name: webconsole-config >>> namespace: openshift-web-console >>> resourceVersion: "1187596" >>> selfLink: /api/v1/namespaces/openshift-web-console/configmaps/webconso >>> le-config >>> uid: 6c33acdd-595e-11e8-8a63-fa163ed601cb >>> >>> The new oauthclient/openshift-web-console is now: >>> >>> apiVersion: v1 >>> grantMethod: auto >>> kind: OAuthClient >>> metadata: >>> creationTimestamp: 2018-05-16T23:20:11Z >>> name: openshift-web-console >>> resourceVersion: "1189032" >>> selfLink: /oapi/v1/oauthclients/openshift-web-console >>> uid: ae780fee-595f-11e8-8a63-fa163ed601cb >>> redirectURIs: >>> - https://loadbalance.my.net:8443/console >>> - https://master1.my.net:8443/console >>> - https://master2.my.net:8443/console >>> >>> Anything else I need to check maybe? >>> >>> >>> On 17.05.2018 01:32, Sam Padgett wrote: >>> >>> I'd make these updates to the config map: >>> >>> consolePublicURL: https://loadbalance.my.net:8443/console/ >>> masterPublicURL: https://loadbalance.my.net:8443 >>> >>> Then edit the OAuth client as cluster-admin to add the console public >>> URL to the allowed callbacks. >>> >>> $ oc patch oauthclient/openshift-web-console -p '{"redirectURIs":[" >>> https://loadbalance.my.net:8443/"]}' >>> >>> Editing the OAuth client should fix the invalid request error on login. >>> >>> Sam >>> >>> >>> On Wed, May 16, 2018 at 6:03 PM, Dan Pungă <[email protected]> wrote: >>> >>>> Hello all! >>>> >>>> I'm setting up a recently installed Openshift Origin v3.9 and I've >>>> discovered a problem with the web-console. >>>> The environment has 2 masters: master1 and master2 and a loadbalancer, >>>> all installed via openshift-ansible. >>>> I'm accessing the web-console UI with https://loadbalance.my.net:8443 >>>> I've noticed some problems with the login form in the webconsole, where >>>> I got some error about invalid request (attached image). On a second >>>> attempt I can login succesfully. >>>> >>>> A second problem, maybe unrelated, is the content of the >>>> webconsole-config configmap which has: >>>> consolePublicURL: https://master1.my.net:8443/console/ >>>> loggingPublicURL: https://.... >>>> logoutPublicURL: '' >>>> masterPublicURL: https://master1.my.net:8443 >>>> >>>> This looks like the configuration uses only the master1. I've tried >>>> modifying the values for consolePublicURL and masterPublicURL to point to >>>> loadbalance.my.net:8443, but after pod restart I get a json response >>>> with invalid request and the console doesn't load. >>>> I've checked the master-config.yaml on both masters and it "looks" fine >>>> to me: >>>> >>>> masterPublicURL: https://master1.my.net:8443 >>>> assetPublicURL: https://master1.my.net:8443/console/ >>>> masterPublicURL: https://master1.my.net:8443 >>>> masterURL: https://loadbalance.my.net:8443 >>>> subdomain: my.net >>>> >>>> and the equivalent for master2. >>>> >>>> Also, I've read through the archives and I've checked the >>>> oauthclient/openshift-web-console resource which is >>>> >>>> apiVersion: v1 >>>> grantMethod: auto >>>> kind: OAuthClient >>>> metadata: >>>> creationTimestamp: 2018-05-11T13:09:54Z >>>> name: openshift-web-console >>>> resourceVersion: "1123438" >>>> selfLink: /oapi/v1/oauthclients/openshift-web-console >>>> uid: 98c50270-551c-11e8-a51b-fa163ed601cb >>>> redirectURIs: >>>> - https://master1.my.net:8443/console/ >>>> - https://master2.my.net:8443/console/ >>>> >>>> >>>> Do you have any ideas about these 2 issues? Especially the second one. >>>> >>>> Thank you for any help in advance, >>>> Dan Pungă >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> >> >> > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
