rancher: Can't login after adding user/org using GitHub Enterprise as access control

Rancher versions: rancher/server: v1.6.11 rancher/agent: v1.2.7

Infrastructure Stack versions: healthcheck: NA ipsec: NA network-services: NA scheduler: NA kubernetes (if applicable): NA

Docker version: (docker version, docker info preferred)

Client:
 Version: 17.09.0-ce
 API version: 1.32
 Go version: go1.8.3
 Git commit: afdb6d4
 Built: Tue Sep 26 22:41:23 2017
 OS/Arch: linux/amd64

Server:
 Version: 17.09.0-ce
 API version: 1.32 (minimum version 1.12)
 Go version: go1.8.3
 Git commit: afdb6d4
 Built: Tue Sep 26 22:42:49 2017
 OS/Arch: linux/amd64
 Experimental: false

Containers: 50
 Running: 48
 Paused: 0
 Stopped: 2
Images: 589
Server Version: 17.09.0-ce
Storage Driver: zfs
 Zpool: storage
 Zpool Health: ONLINE
 Parent Dataset: storage
 Space Used By Parent: 139776
 Space Available: 1497869704704
 Parent Quota: no
 Compression: off
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local rancher-nfs
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: 4tsma582cmzkmzyc87arz9fcw
 Is Manager: true
 ClusterID: rwvwo3yu9u3xajch35qt5ba52
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.57.16.61
 Manager Addresses:
  10.57.16.61:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-693.5.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 80
Total Memory: 503.7GiB
Name: XXXX
ID: XXXX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://10.57.0.12:3128/
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Operating system and kernel: (cat /etc/os-release, uname -r preferred)

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

3.10.0-693.5.2.el7.x86_64

Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) Bare-metal

Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB) single node rancher

Environment Template: (Cattle/Kubernetes/Swarm/Mesos) Cattle

Steps to Reproduce:

  • Install rancher and rancher agent
  • Set up GitHub Enterprise authentication: it works
  • Log out and log in again: it works
  • Go back to GitHub Enterprise authentication settings and ADD organization as possible users: log out and log in again --> It fails

Results:

2017-11-30 13:35:10,610 ERROR [:] [] [] [] [1020391880-4413] [.a.a.i.e.ExternalServiceAuthProvider] Got error from Auth service. statusCode: 500, message: Request failed, got status code: 404. Response: {“error”:“Not Found”}

time=“2017-11-30T13:36:09Z” level=error msg=“Github getAccessToken: GET url http://xxx.xxx.com/login/oauth/access_token received error from github, err: Request failed, got status code: 404. Response: {"error":"Not Found"}”

time=“2017-11-30T13:36:09Z” level=error msg=“Error generating accessToken from github Request failed, got status code: 404. Response: {"error":"Not Found"}”

time=“2017-11-30T13:36:09Z” level=error msg=“GetToken failed with error: Request failed, got status code: 404. Response: {"error":"Not Found"}”

Doing a curl -v http://xxx.xxx.com/login/oauth/access_token from inside the rancher container:

Hostname was NOT found in DNS cache
Trying 10.112.71.249…
Connected to xxx.xxx.com (10.112.71.249) port 80 (#0)
GET /login/oauth/access_token HTTP/1.1
User-Agent: curl/7.35.0
Host: xxx.xxx.com
Accept: */*

HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://xxx.xxx.com/login/oauth/access_token

Connection #0 to host xxx.xxx.com left intact

About this issue

  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 15 (6 by maintainers)

Most upvoted comments

rc4 works to address this issue. Disabling Access Control, then re-configuring it to use GHE, then adding another admin once configured yields a functional instance. Thanks!