subject:"Can't override default token age\?"

Re: Can't override default token age?

2016-06-29 Thread Alex Wauck

Responses below.

On Tue, Jun 28, 2016 at 7:38 PM, Jordan Liggitt  wrote:

> That looks like the right config value. Some things to check:
>
> 1. Are there duplicate `oauthConfig` stanzas (or tokenConfig, etc) in your
> config file? I think the last one wins.
>
No, but there are two tokenConfig sections for some reason.  That explains
it.

As an aside, for external integrations with machine accounts, service
> account tokens are recommended (
> https://docs.openshift.org/latest/dev_guide/service_accounts.html)...
> they don't expire, but can be revoked.
>

This sounds like the right  solution for Nagios.

-- 

Alex Wauck // DevOps Engineer

*E X O S I T E*
*www.exosite.com *

Making Machines More Human.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Can't override default token age?

2016-06-28 Thread Jordan Liggitt

That looks like the right config value. Some things to check:

1. Are there duplicate `oauthConfig` stanzas (or tokenConfig, etc) in your
config file? I think the last one wins.
2. Do you have multiple API servers, and if so, do they have identical
configs?
3. Have you restarted the API server since changing that config value?
4. Are you sure the server is being started from the config you modified?

As an aside, for external integrations with machine accounts, service
account tokens are recommended (
https://docs.openshift.org/latest/dev_guide/service_accounts.html)... they
don't expire, but can be revoked.

On Tue, Jun 28, 2016 at 3:18 PM, Alex Wauck  wrote:

> I have this in my master-config.yaml:
>
> oauthConfig:
>   tokenConfig:
> accessTokenMaxAgeSeconds: 2628000
>
> Yet, I have to log in every morning, which makes me think the token age is
> still the default 24 hours.  Why?
>
> Context: I want Nagios to be able to check services in our OpenShift
> Origin cluster to ensure that they have at least two healthy pods, among
> other things.  I don't want to have to continually regenerate tokens for
> Nagios to use.  Also, it's kind of a pain for the human users.
>
> --
>
> Alex Wauck // DevOps Engineer
>
> *E X O S I T E*
> *www.exosite.com *
>
> Making Machines More Human.
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Can't override default token age?

2016-06-28 Thread Alex Wauck

I have this in my master-config.yaml:

oauthConfig:
  tokenConfig:
accessTokenMaxAgeSeconds: 2628000

Yet, I have to log in every morning, which makes me think the token age is
still the default 24 hours.  Why?

Context: I want Nagios to be able to check services in our OpenShift Origin
cluster to ensure that they have at least two healthy pods, among other
things.  I don't want to have to continually regenerate tokens for Nagios
to use.  Also, it's kind of a pain for the human users.

-- 

Alex Wauck // DevOps Engineer

*E X O S I T E*
*www.exosite.com *

Making Machines More Human.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Can't override default token age?

Re: Can't override default token age?

Can't override default token age?

3 matches

Site Navigation

Mail list logo

Footer information