[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to do Mongo Auth ?



On 18/12/14 17:50 +0530, Kavita Kawale wrote:
  Thanks a lot Jason !Â
  These steps are working. I followed steps given by you, now atleast  I
  am able to authenticate into console. but still it is not allowing me
  to show origin's page where I can create new application using
  cartridge. I have attached snapshot for more understanding. I know I am
  missing something in conf file but in which conf file I don't know.Â
  Please let me know  where I am doing wrong.

Okay, the error is coming from the broker (since the console talks to the
broker to get the user, cartridge, application and gear info. It's not
immediately clear if the error is coming from the mongo auth plugin or the
broker config itself. I would look in
/var/log/openshift/broker/httpd/error_log, there should be a more detailed
error message there (if not, then
/var/log/log/openshift/broker/production.log).

For verification, you'll want to try and connect to the MongoDB host from the
command line using the connection details provided. The following should be
sufficient to test:
   For mongo auth plugin config:
       source /etc/openshift/plugins.d/openshift-origin-auth-mongo.conf
   For broker config:
       source /etc/openshift/broker.conf
   For both:
       [ ${MONGO_SSL} == "true" ] && SSL="--ssl"
       mongo -u ${MONGO_USER} -p ${MONGO_PASSWORD} ${SSL} \
       ${MONGO_HOST_PORT}/${MONGO_DB}

For /etc/openshift/broker.conf:
   source /etc/openshift/plugins.d/openshift-origin-auth-mongo.conf

--
Jason

  Thanks in advance
  Kavita

  On Wed, Dec 17, 2014 at 8:09 PM, Jason DeTiberus
  <[1]jdetiber redhat com> wrote:

    On 17/12/14 15:34 +0530, Kavita Kawale wrote:

      Hià à N. Harrison Ripps,
    Â  I tried in this way but still I am unable to do Mongo
    authentication.
    Â  Kavita Ã

    To use the mongo auth plugin, the following steps should be done on
    all broker
    hosts:
    1) Install rubygem-openshift-origin-auth-mongo
    2) Configure the plugin in
    Â  /etc/openshift/plugins.d/openshift-origin-auth-mongo.conf (there
    is an
    Â  example file in the directory that can be used as a template).
    3) Remove/rename the openshift-origin-auth-remote-user.conf file
    from
    Â  /etc/oepnshift/plugins.d
    4) Modify /etc/openshift/console.conf set CONSOLE_SECURITY=basic
    Â  You may need to also comment out the REMOTE_USER* options in the
    Â  console.conf as well, but I'm not entirely sure.
    5) Remove/rename any remote-user plugin config files ending in .conf
    from
    Â  /var/www/openshift/broker/httpd/conf.d/ and
    Â  /var/www/openshift/console/conf.d
    6) You will probably want to remove the remote-user auth plugin from
    the hosts
    Â  as well (rubygem-openshift-origin-auth-remote-user)
    7) Restart openshift-broker and openshift-console. Any errors should
    be found
    Â  in their respective log files:
    Â  /var/log/openshift/{broker,console}/production.log and
    Â  /var/log/openshift/{broker,console}/httpd/error_log
    --
    Jason DeTiberus

    Â  On Mon, Dec 15, 2014 at 9:51 PM, N. Harrison Ripps
    <[1][2]nhr redhat com>

  Â  wrote:
  Â  Â  Hey Kavita--
  Â  Â  On 12/15/2014 11:08 AM, Kavita Kawale wrote:
  Â  Â  Thanks N. Harrison Ripps !
  Â  Â  I have created *openshift-origin-auth-remote-user.conf* inside
  Â  Â  folder
  Â  Â  */var/www/openshift/broker/httpd/conf.d/
  Â  Â  *as well as inside* /var/www/openshift/console/httpd/conf.d/* and
  Â  Â  copied
      below content inside that file â
  Â  Â  That filename is incorrect. Change the name to
  Â  Â  'openshift-origin-auth-mongo.conf' and try again...
  Â  Â  *# The host:port for your MongoDB server*
  Â  Â  *MONGO_HOST_PORT="localhost:27017"*
  Â  Â  *# The user to connect to your MongoDB*
  Â  Â  *MONGO_USER="openshift"*
  Â  Â  *# The password to connect to your MongoDB*
  Â  Â  *MONGO_PASSWORD="mooo"*
  Â  Â  *# The database within your MongoDB to use for auth*
  Â  Â  *MONGO_DB="openshift_broker"*
  Â  But after restarting openshift-broker service, it is thowing below
  Â  error -
  Â  Invalid command 'MONGO_HOST_PORT="<Host Name>:27017"', perhaps
  Â  misspelled
  Â  or defined by a module not included in the server configuration
  Â  Please let me know where I am doing wrong
  Â  Thanks,
  Â  Kavita

    Â  On Mon, Dec 15, 2014 at 8:58 PM, N. Harrison Ripps
    <[2][3]nhr redhat com>
    Â  wrote:

    Â  > Hi Kavita--
    Â  > I can see that you were having a discussion about this with
    Brenton
    Â  last
    Â  > week:

    Â  > [3][4]https://lists.openshift.redhat.com/openshift-archives/
    Â  > dev/2014-December/msg00012.html

    Â  > So it seems like you may need some guidance on what the mongo
    auth
    Â  config
    Â  > file should contain.

    Â  > Here's an example of the file:
    Â  > [4][5]https://github.com/openshift/origin-server/blob/master/
    Â  >
    plugins/auth/mongo/conf/openshift-origin-auth-mongo.conf.example

    Â  > In your MongoDB system located at MONGO_HOST_PORT, you need to
    tell
    Â  us
    Â  > which mongo user to log in as (MONGO_USER, MONGO_PASSWORD) and
    then
    Â  which
    Â  > specific database you want OpenShift to use for auth records
    Â  (MONGO_DB).

    Â  > You can test that your setup is correct by trying to manually
    run the
    Â  > following from your broker:

    Â  > mongo <MONGO_HOST_PORT> -u <MONGO_USER> -p <MONGO_PASSWORD>

    Â  > Assuming you are able to connect, verify the datastore with:

    Â  > db.<MONGO_DB>.find()

    Â  > The openshift-origin-auth-mongo.conf file that you create
    should live
    Â  at
    Â  > /var/www/httpd/conf.d/ and there should be no other auth conf
    files
    Â  there.

    Â  > You can see more info in the docs here:

    Â  > [5][6]http://www.openshift.org/documentation/oo_deployment_
    Â  > guide_comprehensive.html#configure-an-authentication-plugin

    Â  > Hope this helps!

    Â  > On 12/15/2014 04:17 AM, Kavita Kawale wrote:

    Â  >> Hi,

    Â  >> Is anybody can tell me steps to do mongo authentication ?

    Â  >> I want to do mongo authentication instead of LDAP or Basic.

    Â  >> Thanks,
    Â  >> Kavita

    Â  >> _______________________________________________
    Â  >> dev mailing list
    Â  >> [6][7]dev lists openshift redhat com
    Â  >>
    [7][8]http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

    References
    Â  1. mailto:[9]nhr redhat com
    Â  2. mailto:[10]nhr redhat com
    Â  3. [11]https://lists.openshift.redhat.com/openshift-archives/
    Â  4. [12]https://github.com/openshift/origin-server/blob/master/
    Â  5. [13]http://www.openshift.org/documentation/oo_deployment_
    Â  6. mailto:[14]dev lists openshift redhat com
    Â  7. [15]http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

    _______________________________________________
    dev mailing list
    [16]dev lists openshift redhat com
    [17]http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

References

  1. mailto:jdetiber redhat com
  2. mailto:nhr redhat com
  3. mailto:nhr redhat com
  4. https://lists.openshift.redhat.com/openshift-archives/
  5. https://github.com/openshift/origin-server/blob/master/
  6. http://www.openshift.org/documentation/oo_deployment_
  7. mailto:dev lists openshift redhat com
  8. http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
  9. mailto:nhr redhat com
 10. mailto:nhr redhat com
 11. https://lists.openshift.redhat.com/openshift-archives/
 12. https://github.com/openshift/origin-server/blob/master/
 13. http://www.openshift.org/documentation/oo_deployment_
 14. mailto:dev lists openshift redhat com
 15. http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
 16. mailto:dev lists openshift redhat com
 17. http://lists.openshift.redhat.com/openshiftmm/listinfo/dev



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]