rancher: Can't login after adding user/org using GitHub Enterprise as access control
Rancher versions:
rancher/server: v1.6.11
rancher/agent: v1.2.7
Infrastructure Stack versions:
healthcheck: NA
ipsec: NA
network-services: NA
scheduler: NA
kubernetes (if applicable): NA
Docker version: (docker version, docker info preferred)
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:41:23 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:49 2017
OS/Arch: linux/amd64
Experimental: false

Containers: 50
 Running: 48
 Paused: 0
 Stopped: 2
Images: 589
Server Version: 17.09.0-ce
Storage Driver: zfs
 Zpool: storage
 Zpool Health: ONLINE
 Parent Dataset: storage
 Space Used By Parent: 139776
 Space Available: 1497869704704
 Parent Quota: no
 Compression: off
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local rancher-nfs
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: 4tsma582cmzkmzyc87arz9fcw
 Is Manager: true
 ClusterID: rwvwo3yu9u3xajch35qt5ba52
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.57.16.61
 Manager Addresses:
  10.57.16.61:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-693.5.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 80
Total Memory: 503.7GiB
Name: XXXX
ID: XXXX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://10.57.0.12:3128/
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Operating system and kernel: (cat /etc/os-release, uname -r preferred)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
3.10.0-693.5.2.el7.x86_64
Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) Bare-metal
Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB) single node rancher
Environment Template: (Cattle/Kubernetes/Swarm/Mesos) Cattle
Steps to Reproduce:
- Install rancher and rancher agent
- Set up GitHub Enterprise authentication: it works
- Log out and log in again: it works
- Go back to GitHub Enterprise authentication settings and ADD organization as possible users: log out and log in again --> It fails

Results:
2017-11-30 13:35:10,610 ERROR [:] [] [] [] [1020391880-4413] [.a.a.i.e.ExternalServiceAuthProvider] Got error from Auth service. statusCode: 500, message: Request failed, got status code: 404. Response: {"error":"Not Found"}
time="2017-11-30T13:36:09Z" level=error msg="Github getAccessToken: GET url http://xxx.xxx.com/login/oauth/access_token received error from github, err: Request failed, got status code: 404. Response: {"error":"Not Found"}"
time="2017-11-30T13:36:09Z" level=error msg="Error generating accessToken from github Request failed, got status code: 404. Response: {"error":"Not Found"}"
time="2017-11-30T13:36:09Z" level=error msg="GetToken failed with error: Request failed, got status code: 404. Response: {"error":"Not Found"}"

Doing a curl -v http://xxx.xxx.com/login/oauth/access_token from inside the rancher container:
Hostname was NOT found in DNS cache
Trying 10.112.71.249...
Connected to xxx.xxx.com (10.112.71.249) port 80 (#0)
GET /login/oauth/access_token HTTP/1.1
User-Agent: curl/7.35.0
Host: xxx.xxx.com
Accept: */*

HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://xxx.xxx.com/login/oauth/access_token

Connection #0 to host xxx.xxx.com left intact
About this issue
- State: closed
- Created 7 years ago
- Reactions: 1
- Comments: 15 (6 by maintainers)
rc4 works to address this issue. Disabling Access Control, then re-configuring it to use GHE, then adding another admin once configured yields a functional instance. Thanks!