Skip to content

[BUG] Logging in to rancher as an auth user throws 500 error after logging out of rancher #40354

New issue
New issue
Closed
Closed
[BUG] Logging in to rancher as an auth user throws 500 error after logging out of rancher#40354
Assignees
anupama2501
Labels
kind/bugIssues that are defects reported by users or that we know have reached a real releasekind/bug-qaIssues that have not yet hit a real release. Bugs introduced by a new feature or enhancementregressionstatus/blockerteam/area1
Milestone
v2.7.2
@anupama2501

Description

@anupama2501
anupama2501
opened on Jan 27, 2023

Rancher Server Setup

  • Rancher version: v2.7-head 91be24c upgraded from 2.7.0
  • Installation option (Docker install/Helm Chart): Docker install
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc):
  • Proxy/Cert Details:

Information about the Cluster

  • Kubernetes version: v1.25.5+k3s1
  • Cluster Type (Local/Downstream): Local
    Custom/Imported or specify provider for Hosted/Infrastructure Provider):

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom)
    • If custom, define the set of permissions: Admin/ openldap & FreeIPA auth admin

Describe the bug
On upgrading rancher server from 2.7.0 to 2.7-head, auth users are unable to login. This was seen on a fresh install of 2.7-head as well.

To Reproduce

  1. Install rancher server on v2.7.0
  2. Enable openldap/FreeIPA auth
  3. Upgrade rancher server to v2.7-head
  4. Try to login as an auth admin

Result
We get a 500 error whenever we try to login as an auth user:

baseType
: 
"error"
code
: 
"ServerError"
message
: 
"Server error while authenticating"
status
: 
500
type
: 
"error"

Following are the errors seen in docker logs when we try to login and for all the auth users that were added as cluster/project members:

2023/01/27 02:47:57 [ERROR] API error response 500 for POST /v3-public/freeIpaProviders/freeipa?action=login. Cause: invalid server config. at least 1 server needs to be configured
2023/01/27 02:48:03 [ERROR] API error response 500 for POST /v3-public/freeIpaProviders/freeipa?action=login. Cause: invalid server config. at least 1 server needs to be configured

2023/01/26 23:55:29 [ERROR] Unknown error: users.management.cattle.io "cn=<redacted>" not found
2023/01/26 23:55:29 [ERROR] Unknown error: users.management.cattle.io "cn=<redacted> not found
2023/01/26 23:55:29 [ERROR] Unknown error: users.management.cattle.io "cn=<redacted>" not found

If we login as a local admin and navigate back to the auth page, we see a few details that were previously configured were empty:
2023-01-26_19-07-45

Expected Result
Expected the auth providers users to be able to login.

Additional context
This is not seen on 2.7.0, 2.6.10
This is not seen from 2.7.0 >> 2.7.1 but on an upgrade from 2.7.1 >> 2.7-head it is seen

Workaround:
Re add the config details for the auth that were missing.

Metadata

Metadata

Assignees

Labels

kind/bugIssues that are defects reported by users or that we know have reached a real releasekind/bug-qaIssues that have not yet hit a real release. Bugs introduced by a new feature or enhancementregressionstatus/blockerteam/area1

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions