Re: proper format for openshift_master_identity_providers in Ansible inventory?

2016-04-27 Thread Jason DeTiberus 
On Wed, Apr 27, 2016 at 4:40 PM, Jason DeTiberus 
wrote:

>
>
> On Wed, Apr 27, 2016 at 4:19 PM, Robert Wehner <
> robert.weh...@returnpath.com> wrote:
>
>> I am using the advanced installation method for Origin using the 3.0.84-1
>> release of the openshift-ansible repo. I am trying to set up my identity
>> providers so the cluster will accept LDAP- and htpasswd-based access using
>> an openshift_master_identity_providers setting in my ansible inventory like
>> this:
>>
>> openshift_master_identity_providers=[{ "name": "ldap_provider", "login" :
>> true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider",
>> "ldap_server" : "ldap.example.com", "ldap_bind_dn" : "",
>> "ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" :
>> "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
>> {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
>> 'HTPasswdPasswordIdentityProvider', 'filename':
>> '/etc/origin/master/htpasswd'}]
>>
>
> openshift_master_identity_providers=[{ 'name': 'ldap_provider', 'login' :
> 'true', 'challenge' : 'true', 'kind' : 'LDAPPasswordIdentityProvider',
> 'url' : 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid',
> 'bind_dn' : '', 'bind_password' : '', 'ldap_insecure' : 'true',
> 'attributes': {'preferredUsername' : 'uid'}}, {'name': 'htpasswd_auth',
> 'login': 'true', 'challenge': 'true', 'kind':
> 'HTPasswdPasswordIdentityProvider', 'filename':
> '/etc/origin/master/htpasswd'}]
>
> Because of the way that ansible serializes content to/from the inventory
> file format, it is actually a json encoded string. There are also issues
> with using boolean values within those json encoded strings when they are
> not quoted. I updated your version using all single quotes (which I believe
> doesn't really matter for the Ansible json parser, but it is required as
> part of the json spec), and also updated some the format of the ldap entry
> itself.
>

It's been pointed out to me that I had this backwards. Double quotes should
be used rather than single quotes to conform with the json spec.


>
>
>> I've posted this expanded out and easier to read at
>> http://paste.fedoraproject.org/360411/61788028/
>>
>> This setting always fails with this error:
>>
>> TASK: [openshift_master | Install httpd-tools if needed]
>> **
>> fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a
>> list or a set
>> FATAL: all hosts have already failed -- aborting
>>
>> I've added a debug statement right before this to print the
>> "openshift.master.identity_providers" variable that ansible is trying to
>> iterate over in this task and it basically looks like a string, not a list:
>>
>> TASK: [openshift_master | debug var=openshift.master.identity_providers]
>> **
>> ok: [master01.kubtst1.tst.lan.returnpath.net] => {
>> "var": {
>> "openshift.master.identity_providers": "[{ \"name\":
>> \"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" :
>> \"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\",
>> \"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" :
>> true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\",
>> \"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login':
>> 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
>> 'filename': '/etc/origin/master/htpasswd'}]"
>> }
>> }
>>
>> Is this an ansible bug or am I formatting this argument incorrectly? I
>> based the format on the example here:
>> https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables
>>
>>
>> Thanks for any insight,
>>
>>
>>
>> --
>> Robert Wehner
>>
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
>
> --
> Jason DeTiberus
>



-- 
Jason DeTiberus
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: proper format for openshift_master_identity_providers in Ansible inventory?

2016-04-27 Thread Jason DeTiberus 
On Wed, Apr 27, 2016 at 4:19 PM, Robert Wehner  wrote:

> I am using the advanced installation method for Origin using the 3.0.84-1
> release of the openshift-ansible repo. I am trying to set up my identity
> providers so the cluster will accept LDAP- and htpasswd-based access using
> an openshift_master_identity_providers setting in my ansible inventory like
> this:
>
> openshift_master_identity_providers=[{ "name": "ldap_provider", "login" :
> true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider",
> "ldap_server" : "ldap.example.com", "ldap_bind_dn" : "",
> "ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" :
> "ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
> {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
> 'HTPasswdPasswordIdentityProvider', 'filename':
> '/etc/origin/master/htpasswd'}]
>

openshift_master_identity_providers=[{ 'name': 'ldap_provider', 'login' :
'true', 'challenge' : 'true', 'kind' : 'LDAPPasswordIdentityProvider',
'url' : 'ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid',
'bind_dn' : '', 'bind_password' : '', 'ldap_insecure' : 'true',
'attributes': {'preferredUsername' : 'uid'}}, {'name': 'htpasswd_auth',
'login': 'true', 'challenge': 'true', 'kind':
'HTPasswdPasswordIdentityProvider', 'filename':
'/etc/origin/master/htpasswd'}]

Because of the way that ansible serializes content to/from the inventory
file format, it is actually a json encoded string. There are also issues
with using boolean values within those json encoded strings when they are
not quoted. I updated your version using all single quotes (which I believe
doesn't really matter for the Ansible json parser, but it is required as
part of the json spec), and also updated some the format of the ldap entry
itself.


> I've posted this expanded out and easier to read at
> http://paste.fedoraproject.org/360411/61788028/
>
> This setting always fails with this error:
>
> TASK: [openshift_master | Install httpd-tools if needed]
> **
> fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a
> list or a set
> FATAL: all hosts have already failed -- aborting
>
> I've added a debug statement right before this to print the
> "openshift.master.identity_providers" variable that ansible is trying to
> iterate over in this task and it basically looks like a string, not a list:
>
> TASK: [openshift_master | debug var=openshift.master.identity_providers]
> **
> ok: [master01.kubtst1.tst.lan.returnpath.net] => {
> "var": {
> "openshift.master.identity_providers": "[{ \"name\":
> \"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" :
> \"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\",
> \"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" :
> true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\",
> \"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login':
> 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
> 'filename': '/etc/origin/master/htpasswd'}]"
> }
> }
>
> Is this an ansible bug or am I formatting this argument incorrectly? I
> based the format on the example here:
> https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables
>
>
> Thanks for any insight,
>
>
>
> --
> Robert Wehner
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>


-- 
Jason DeTiberus
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

proper format for openshift_master_identity_providers in Ansible inventory?

2016-04-27 Thread Robert Wehner 
I am using the advanced installation method for Origin using the 3.0.84-1
release of the openshift-ansible repo. I am trying to set up my identity
providers so the cluster will accept LDAP- and htpasswd-based access using
an openshift_master_identity_providers setting in my ansible inventory like
this:

openshift_master_identity_providers=[{ "name": "ldap_provider", "login" :
true, "challenge" : true, "kind" : "LDAPPasswordIdentityProvider",
"ldap_server" : "ldap.example.com", "ldap_bind_dn" : "",
"ldap_bind_password" : "", "ldap_insecure" : true, "ldap_base_ou" :
"ou=People,dc=example,dc=com", "ldap_preferred_username" : "uid" },
{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
'HTPasswdPasswordIdentityProvider', 'filename':
'/etc/origin/master/htpasswd'}]

I've posted this expanded out and easier to read at
http://paste.fedoraproject.org/360411/61788028/

This setting always fails with this error:

TASK: [openshift_master | Install httpd-tools if needed]
**
fatal: [master01.kubtst1.tst.lan.returnpath.net] => with_items expects a
list or a set
FATAL: all hosts have already failed -- aborting

I've added a debug statement right before this to print the
"openshift.master.identity_providers" variable that ansible is trying to
iterate over in this task and it basically looks like a string, not a list:

TASK: [openshift_master | debug var=openshift.master.identity_providers]
**
ok: [master01.kubtst1.tst.lan.returnpath.net] => {
"var": {
"openshift.master.identity_providers": "[{ \"name\":
\"ldap_provider\", \"login\" : true, \"challenge\" : true, \"kind\" :
\"LDAPPasswordIdentityProvider\", \"ldap_server\" : \"ldap.example.com\",
\"ldap_bind_dn\" : \"\", \"ldap_bind_password\" : \"\", \"ldap_insecure\" :
true, \"ldap_base_ou\" : \"ou=People,dc=example,dc=com\",
\"ldap_preferred_username\" : \"uid\" }, {'name': 'htpasswd_auth', 'login':
'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
'filename': '/etc/origin/master/htpasswd'}]"
}
}

Is this an ansible bug or am I formatting this argument incorrectly? I
based the format on the example here:
https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-cluster-variables


Thanks for any insight,



--
Robert Wehner
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Public URL's

2016-04-27 Thread Aleksandar Lazic 
Hi Fran.


with  two router pairs and with different domains,

Yes it's possible.


If I understand you right.


Best regards

Aleks


From: users-boun...@lists.openshift.redhat.com 
 on behalf of Fran Barrera 

Sent: Wednesday, April 27, 2016 19:03
To: users
Subject: Public URL's

Hello,

Is it possible to publish openshift with two URL's? I can see the parameter 
PublicURL in master-config.yaml but I need to have two PublicURL. I don't know 
if this is possible or if this will be done for other way.

Best Regards.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: OpenShift Origin assistance desired

2016-04-27 Thread Alex Wauck 
On Wed, Apr 27, 2016 at 12:10 PM, Jonathan Yu  wrote:

> Hey Alex,
>
> On Tue, Apr 26, 2016 at 1:06 PM, Alex Wauck  wrote:
>
>> My employer (www.exosite.com) has a pilot project using OpenShift Origin
>> and we're looking for a contractor to help in configuring OpenShift and
>> Kubernetes. AWS experience would be helpful too, since we suspect the
>> issues
>>
> Not to make this sound like an ad, but... Have you considered Red Hat
> Consulting? https://www.redhat.com/en/services/consulting
>

Considering our experience attempting to get OpenShift Enterprise and the
associated support, we get the feeling that 1) we are not the kind of
customer Red Hat is particularly interested in (small, not a huge budget),
and 2) whatever they offer us will be expensive.

Right now, we just need an expert to help us figure out what's wrong with
our configuration and fix it.  (We're not doing anything weird, so we're
assuming that our problems are simple but we just don't know where to
look.)  I, for one, am not convinced that Red Hat is willing to provide
that to us, at least not at a reasonable price (rather, a "please go away,
but we don't want to actually say that" price).

-- 

Alex Wauck // DevOps Engineer
+1 612 790 1558 (USA Mobile)

*E X O S I T E*
*www.exosite.com *
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: OpenShift Origin assistance desired

2016-04-27 Thread Jonathan Yu 
Hey Alex,

On Tue, Apr 26, 2016 at 1:06 PM, Alex Wauck  wrote:

> My employer (www.exosite.com) has a pilot project using OpenShift Origin
> and we're looking for a contractor to help in configuring OpenShift and
> Kubernetes. AWS experience would be helpful too, since we suspect the
> issues
>
Not to make this sound like an ad, but... Have you considered Red Hat
Consulting? https://www.redhat.com/en/services/consulting
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Public URL's

2016-04-27 Thread Fran Barrera 
Hello,

Is it possible to publish openshift with two URL's? I can see the parameter
PublicURL in master-config.yaml but I need to have two PublicURL. I don't
know if this is possible or if this will be done for other way.

Best Regards.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: overwrite parameteres (env) of template

2016-04-27 Thread Clayton Coleman 
This is a usability bug in new-app, in that it's easy to get this mixed up.

When you run "oc new-app a_template A=B" we should treat A as a
parameter, and when you run "oc new-app a_image A=B" we should treat A
as an env var, which would make the behavior more with user
expectation (env and params are very similar for a reason).

On Wed, Apr 27, 2016 at 10:00 AM, Luke Meyer  wrote:
> To be fair, the command usage statement isn't clear about the context in
> which -e is used. For template parameters, you should be using --param. For
> env vars on creating an app from source/image/custom -e would be relevant.
>
> On Wed, Apr 27, 2016 at 8:20 AM, Skarbek, John  wrote:
>>
>> Den,
>>
>> You are passing the incorrect flags. The templates don’t use the -e flag,
>> but rather the --param flag.  Something like this should work:
>>
>> ```
>>
>> oc new-app mysql-ephemeral \
>> > --param=MYSQL_USER=activiti \
>> > --param=MYSQL_PASSWORD=activiti \
>> > --param=MYSQL_DATABASE=activiti_production
>>
>> ```
>>
>>
>>
>> --
>> John Skarbek
>>
>> On April 27, 2016 at 08:02:11, Den Cowboy (dencow...@hotmail.com) wrote:
>>
>> mysql-ephemeral
>>
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: overwrite parameteres (env) of template

2016-04-27 Thread Luke Meyer 
To be fair, the command usage statement isn't clear about the context in
which -e is used. For template parameters, you should be using --param. For
env vars on creating an app from source/image/custom -e would be relevant.

On Wed, Apr 27, 2016 at 8:20 AM, Skarbek, John  wrote:

> Den,
>
> You are passing the incorrect flags. The templates don’t use the -e flag,
> but rather the --param flag.  Something like this should work:
>
> ```
>
> oc new-app mysql-ephemeral \
> > --param=MYSQL_USER=activiti \
> > --param=MYSQL_PASSWORD=activiti \
> > --param=MYSQL_DATABASE=activiti_production
>
> ```
>
>
>
> --
> John Skarbek
>
> On April 27, 2016 at 08:02:11, Den Cowboy (dencow...@hotmail.com) wrote:
>
> mysql-ephemeral
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: overwrite parameteres (env) of template

2016-04-27 Thread Skarbek, John 
Den,

You are passing the incorrect flags. The templates don’t use the -e flag, but 
rather the --param flag.  Something like this should work:

```

oc new-app mysql-ephemeral \
> --param=MYSQL_USER=activiti \
> --param=MYSQL_PASSWORD=activiti \
> --param=MYSQL_DATABASE=activiti_production

```


--
John Skarbek


On April 27, 2016 at 08:02:11, Den Cowboy 
(dencow...@hotmail.com) wrote:

mysql-ephemeral
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

overwrite parameteres (env) of template

2016-04-27 Thread Den Cowboy 
I try to create a mysql container using the template (from the CLI, in the 
webapp it works fine)
$ oc new-project test
$ oc new-app mysql-ephemeral \
> -e MYSQL_USER=activiti \
> -e MYSQL_PASSWORD=activiti \
> -e MYSQL_DATABASE=activiti_production
--> Deploying template "mysql-ephemeral" in project "openshift" for 
"mysql-ephemeral"
 With parameters:
  Memory Limit=512Mi
  Namespace=openshift
  Database Service Name=mysql
  MySQL User=userGB1 # generated
  MySQL Password=7VB5qmdHuXbPl52p # generated
  MySQL Database Name=sampledb

I see a mysql in my test project with the wrong parameters/env variables.
  ___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users