Re: proper format for openshift_master_identity_providers in Ansible inventory?

On Wed, Apr 27, 2016 at 4:40 PM, Jason DeTiberus <jdetiber redhat com> wrote:

On Wed, Apr 27, 2016 at 4:19 PM, Robert Wehner <robert wehner returnpath com> wrote:
I am using the advanced installation method for Origin using the 3.0.84-1 release of the openshift-ansible repo. I am trying to set up my identity providers so the cluster will accept LDAP- and htpasswd-based access using an openshift_master_identity_providers setting in my ansible inventory like this:

openshift_master_identity_providers=[{ "name": "ldap_provider", "login" : true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider", "ldap_server" : "ldap.example.com", "ldap_bind_dn" : "", "ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" : "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" }, {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

openshift_master_identity_providers=[{ 'name': 'ldap_provider', 'login' : 'true', 'challenge' : 'true', 'kind' : 'LDAPPasswordIdentityProvider', 'url' : 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid', 'bind_dn' : '', 'bind_password' : '', 'ldap_insecure' : 'true', 'attributes': {'preferredUsername' : 'uid'}}, {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

Because of the way that ansible serializes content to/from the inventory file format, it is actually a json encoded string. There are also issues with using boolean values within those json encoded strings when they are not quoted. I updated your version using all single quotes (which I believe doesn't really matter for the Ansible json parser, but it is required as part of the json spec), and also updated some of the format of the ldap entry itself.

It's been pointed out to me that I had this backwards. Double quotes should be used rather than single quotes to conform with the json spec.

I've posted this expanded out and easier to read at http://paste.fedoraproject.org/360411/61788028/

This setting always fails with this error:

TASK: [openshift_master | Install httpd-tools if needed] **********************
fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a list or a set
FATAL: all hosts have already failed -- aborting

I've added a debug statement right before this to print the "openshift.master.identity_providers" variable that ansible is trying to iterate over in this task and it basically looks like a string, not a list:

TASK: [openshift_master | debug var=openshift.master.identity_providers] ******
    "var": {
        "openshift.master.identity_providers": "[{ \"name\": \"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" : \"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\", \"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" : true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\", \"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]"

Is this an ansible bug or am I formatting this argument incorrectly? I based the format on the example here: https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables

Thanks for any insight,

Robert Wehner

Jason DeTiberus

Jason DeTiberus
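
Added example, not part of the original messages or of openshift-ansible: a Python pre-flight check for the openshift_master_identity_providers value discussed in this thread, showing why the first value stays a string and the rewritten one becomes a list. It assumes the value is tried as a Python literal and then as JSON (a stand-in for the inventory parser) and that an ldap:// URL with a truthy ldap_insecure flag means no TLS; the two sample strings are shortened, constructed copies of the values above.

```python
import ast
import json

# Constructed, shortened copies of the two inventory values from the thread.
ORIGINAL = ('[{ "name": "ldap_provider", "login" : true, "challenge" : true, '
            '"kind" : "LDAPPasswordIdentityProvider", "ldap_insecure" : true }, '
            "{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', "
            "'kind': 'HTPasswdPasswordIdentityProvider', "
            "'filename': '/etc/origin/master/htpasswd'}]")
CORRECTED = ("[{'name': 'ldap_provider', 'login': 'true', 'challenge': 'true', "
             "'kind': 'LDAPPasswordIdentityProvider', "
             "'url': 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid', "
             "'bind_dn': '', 'bind_password': '', 'ldap_insecure': 'true'}, "
             "{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', "
             "'kind': 'HTPasswdPasswordIdentityProvider', "
             "'filename': '/etc/origin/master/htpasswd'}]")


def parse_value(value):
    """Return the parsed structure, or the unchanged string if no parser accepts it."""
    # Assumption: the value is tried as a Python literal, then as JSON.
    for loader in (ast.literal_eval, json.loads):
        try:
            return loader(value)
        except (ValueError, SyntaxError):
            continue
    return value


def check_providers(value):
    """Return a list of findings; an empty list means the value is usable."""
    parsed = parse_value(value)
    if not isinstance(parsed, list):
        return ["value stayed a %s, so with_items cannot iterate it"
                % type(parsed).__name__]
    findings = []
    for idx, provider in enumerate(parsed):
        if not isinstance(provider, dict):
            findings.append("entry %d is not a mapping" % idx)
            continue
        for key in ("name", "kind"):
            if key not in provider:
                findings.append("entry %d lacks '%s'" % (idx, key))
        # Assumption: an 'ldap://' URL plus a truthy insecure flag means no TLS.
        insecure = str(provider.get("ldap_insecure", "")).lower() == "true"
        if insecure and str(provider.get("url", "")).startswith("ldap://"):
            findings.append("entry %d (%s): LDAP without TLS"
                            % (idx, provider.get("name")))
    return findings
```

The first value fails both parsers because it mixes a bare true (not a Python literal) with single-quoted keys (not JSON); the rewritten value parses, and the check then reports the cleartext LDAP setting it carries.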

