Uploaded image for project: 'DC/OS'
  1. DC/OS
  2. DCOS_OSS-4601

Open DC/OS multi master: login fails (authentication token is received, but not valid against all master nodes)

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: DC/OS 1.13
    • Fix Version/s: DC/OS 1.13.0
    • Component/s: dcos-security
    • Labels:
      None
    • Story Points:
      3

      Description

      After creating a DCOS cluster from master with multi-master (3) configuration, it isn't possible to authorize into the cluster (from the UI or CLI).   This is only for open and it is only for multi-master.   The other configurations test fine.

      Here are the steps to reproduce:

      1. create a cluster from CCM using all defaults except switching the "template" to DC/OS Multi Master
      2. Try to log into it
        1. Either click the "Dashboard" link from CCM
        2. or copy the Dashboard link and from the CLI type: dcos cluster setup <url>
      3. This login requires the selection of OAuth type... I selected google which is my standard way (has worked before and works on DC/OS Single Master)
      4. After going through the confirmation steps (or pasting token into CLI)... Nothing happens
        1. On UI it goes back to auth page
        2. on CLI it errors out with the message below

       

      # cli error message
      Error trying to find cluster id: Your core.dcos_acs_token is invalid. Please run: `dcos auth login`
      
      Please make sure the provided DC/OS URL is valid: http://ken-uep32-elasticl-1ps2noim16po4-1619969101.us-west-2.elb.amazonaws.com/
      

      This of course is actually a bad UX... as dcos auth login doesn't work because the url was never recorded by the CLI... it requires dcos cluster setup again which fails.

       

       

        Attachments

          Activity

            People

            • Assignee:
              dominikdary Dominik Dary
              Reporter:
              ken Ken Sipe
              Team:
              Security Team
              Watchers:
              Adam Dangoor (Inactive), Arsen Hayrapetyan, Gustav Paul, Jan-Philip Gehrcke, Jonathan Giddy, jongiddy, Ken Sipe, Martin Hrabovcin, Mergebot, Tim Weidner
            • Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: