RE: OpenShift Origin Active Directory Authentication

Werner, Mark Wed, 12 Jul 2017 07:38:30 -0700

Tried again. Made changes from cn=users to ou=users


oauthConfig:

  assetPublicURL: https://master.domain.local:8443/console/

  grantConfig:

    method: auto

  identityProviders:

  - name: Active_Directory

    challenge: true

    login: true

      mappingMethod: claim

    provider:

      apiVersion: v1

      kind: LDAPPasswordIdentityProvider

      attributes:

        id:

        - dn

        email:

        - mail

        name:

        - cn

        preferredUsername:

        - uid

      bindDN: "cn=openshift,ou=users,dc=cswp,dc=local"

      bindPassword: "password"

      insecure: true

      url: ldap://dc.domain.local:389/ou=users,dc=cswp,dc=local?uid

  assetPublicURL: https://master.domain.local:8443/console/

  masterPublicURL: https://master.domain.local:8443

  masterURL: https://master.domain.local:8443

 

Same result. 

 

systemctl restart origin-master

Job for origin-master.service failed because the control process exited with 
err                                                                             
or code. See "systemctl status origin-master.service" and "journalctl -xe" for 
d                                                                             
etails.

 

Results from “systemctl status origin-master.service:

 

   Loaded: loaded (/etc/systemd/system/origin-master.service; enabled; vendor 
preset: disabled)

   Active: activating (auto-restart) (Result: exit-code) since Wed 2017-07-12 
10:16:02 EDT; 2s ago

     Docs:  <https://github.com/openshift/origin> 
https://github.com/openshift/origin

  Process: 41762 ExecStart=/usr/bin/openshift start master 
--config=${CONFIG_FILE} $OPTIONS (code=exited, status=255)

Main PID: 41762 (code=exited, status=255)

Jul 12 10:16:02 master.domain.local systemd[1]: origin-master.service: main 
process exited, code=exited, status=255/n/a

Jul 12 10:16:02 master.domain.local systemd[1]: Failed to start Origin Master 
Service.

Jul 12 10:16:02 master.domain.local systemd[1]: Unit origin-master.service 
entered failed state.

Jul 12 10:16:02 master.domain.local systemd[1]: origin-master.service failed.

Results from journalctl –xe:

 

Jul 12 10:17:02 master.domain.local systemd[1]: Failed to start Origin Master 
Service.

-- Subject: Unit origin-master.service has failed

-- Defined-By: systemd

-- Support:  <http://lists.freedesktop.org/mailman/listinfo/systemd-devel> 
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit origin-master.service has failed.

--

-- The result is failed.

Jul 12 10:17:02 master.domain.local systemd[1]: Unit origin-master.service 
entered failed state.

Jul 12 10:17:02 master.domain.local systemd[1]: origin-master.service failed.

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.459671   
14773 reflector.go:188] pkg/kubelet/config/apiserver.go:44: Failed to

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.459675   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.462990   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.465266   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.465367   
14773 reflector.go:188] pkg/kubelet/kubelet.go:386: Failed to list *ap

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.467387   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:03 master.domain.local origin-node[14773]: E0712 10:17:03.467413   
14773 reflector.go:188] pkg/kubelet/kubelet.go:378: Failed to list *ap

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.043488   
14773 kubelet_node_status.go:323] Error updating node status, will ret

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.045247   
14773 kubelet_node_status.go:323] Error updating node status, will ret

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.046899   
14773 kubelet_node_status.go:323] Error updating node status, will ret

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.048586   
14773 kubelet_node_status.go:323] Error updating node status, will ret

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.050320   
14773 kubelet_node_status.go:323] Error updating node status, will ret

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.050347   
14773 kubelet_node_status.go:315] Unable to update node status: update

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.461624   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.461642   
14773 reflector.go:188] pkg/kubelet/config/apiserver.go:44: Failed to

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.464708   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.467208   
14773 reflector.go:188] pkg/kubelet/kubelet.go:386: Failed to list *ap

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.467307   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.469897   
14773 reflector.go:188] pkg/kubelet/kubelet.go:378: Failed to list *ap

Jul 12 10:17:04 master.domain.local origin-node[14773]: E0712 10:17:04.470005   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:05 master.domain.local origin-node[14773]: I0712 10:17:05.285778   
14773 conversion.go:134] failed to handle multiple devices for contain

Jul 12 10:17:05 master.domain.local origin-node[14773]: I0712 10:17:05.285815   
14773 conversion.go:134] failed to handle multiple devices for contain

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.464870   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.465001   
14773 reflector.go:188] pkg/kubelet/config/apiserver.go:44: Failed to

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.467033   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.469282   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.469888   
14773 reflector.go:188] pkg/kubelet/kubelet.go:386: Failed to list *ap

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.471984   
14773 reflector.go:188] pkg/kubelet/kubelet.go:378: Failed to list *ap

Jul 12 10:17:05 master.domain.local origin-node[14773]: E0712 10:17:05.472081   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.467151   
14773 reflector.go:188] pkg/kubelet/config/apiserver.go:44: Failed to

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.467177   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.468688   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.470937   
14773 reflector.go:188] github.com/openshift/origin/pkg/cmd/server/kub

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.472454   
14773 reflector.go:188] pkg/kubelet/kubelet.go:386: Failed to list *ap

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.473711   
14773 reflector.go:188] pkg/kubelet/kubelet.go:378: Failed to list *ap

Jul 12 10:17:06 master.domain.local origin-node[14773]: E0712 10:17:06.473723   
14773 reflector.go:188] github.com/openshift/origin/pkg/sdn/plugin/com

 

 

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services

Unisys | Mobile Phone 586.214.9017 |  <mailto:mark.wer...@unisys.com> 
mark.wer...@unisys.com 

11720 Plaza America Drive, Reston, VA 20190

 

 <http://www.unisys.com/> 

 

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is for use only by the intended recipient. If you received this in 
error, please contact the sender and delete the e-mail and its attachments from 
all devices.

 <http://www.linkedin.com/company/unisys>    <http://twitter.com/unisyscorp>   
<https://plus.google.com/+UnisysCorp/posts>  
<http://www.youtube.com/theunisyschannel>  <http://www.facebook.com/unisyscorp> 
 <https://vimeo.com/unisys>  <http://blogs.unisys.com/> 

 

From: Jon Stanley [mailto:jonstan...@gmail.com] 
Sent: Wednesday, July 12, 2017 10:08 AM
To: Werner, Mark <mark.wer...@unisys.com>
Cc: users@lists.openshift.redhat.com
Subject: Re: OpenShift Origin Active Directory Authentication

 

 

      bindDN: "cn=openshift,cn=users,dc=domain,dc=local"

      bindPassword: "password"

      insecure: true

      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid

 

 

 

In addition to Clayton's question of the exact messages, this configuration 
looks bad - I'm not sure if it's a problem in your redaction of the 
configuration, or if it's real - 'cn=openshift,cn=users,dc=domain,dc=local' has 
2 CN's in it -  should be 'cn=openshift,ou=users,dc=domain,dc=local'

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: OpenShift Origin Active Directory Authentication

Reply via email to