How does your project relates to Fedora/CentOS?
Describe your workflow and if you need any special permissions (other than admin access to namespace), please tell us and provide a reason for them.
Do you need bare-metal/vms checkout capability? (we prefer your workflow containerized) Yes
Resources required None
PVs: None
Project_name: Samba Project_admins: - anoopcs@disr.it
Metadata Update from @arrfab: - Issue assigned to mobrien - Issue tagged with: Business-As-Usual, centos-ci-infra, low-trouble, medium-gain, namespace-request
This is now available at https://jenkins-sig-samba.apps.ocp.ci.centos.org/
Note: we used the project name sig-samba in place of samba. This is just to note that this is being used by an official CentOS sig.
Feel free to reopen or reach out if there are any issues.
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Thanks(and really sorry for coming back very late as I was out sick).
When I tried to login, at the very first attempt two different permissions were requested and upon allowing those I got redirected again to the login page. Now from next attempt onward, it ends up in a login page loop.
I also noticed that the email id displayed in the page(during permission request in first attempt) was different from what I have provided in this issue. Is that something needs to be corrected? And does it makes use of Kerberos ticket obtained with FEDORAPROJECT.ORG?
$ klist Ticket cache: KCM:1000 Default principal: anoopcs@FEDORAPROJECT.ORG Valid starting Expires Service principal 12/02/2021 11:47:52 12/03/2021 11:47:46 krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG renew until 12/09/2021 11:47:46
Metadata Update from @anoopcs: - Issue status updated to: Open (was: Closed)
just curious, can you describe the problem ? your login anoopcs should work (based on what @mobrien pushed to openshift with ansible.
anoopcs
if you configured your browser to forward kerberos, yes, it will be transparently used (see https://wiki.centos.org/Authentication#Enabling_kerberos_for_IdP)
On entering https://jenkins-sig-samba.apps.ocp.ci.centos.org/ if I click on "Login with OpenShift" under "Log in to Jenkins using your OpenShift credentials" header it takes me to a page where I have to choose either "kube:admin" or "CentOS_and_Fedora_account". On clicking the latter it again redirects to first page.
I made the changes accordingly but result is the same login page redirect. I tried with and without Kerberos.
well, it works for me and was able to connect to jenkins. Can you try with a "private window" to ensure no cookie is getting in the way ? Login with openshift and then selecting "CentOS and Fedora accounts" would then redirect to id.centos.org and once authenticated , callback sent to oauth for openshift/jenkins and so asking for permissions to store your email address in jenkins and then be logged in
well, it works for me and was able to connect to jenkins. Can you try with a "private window" to ensure no cookie is getting in the way ?
No luck. Cleared "everything" from Firefox. After providing username and (password+OTP) same old page is shown. If I click again no prompt(for username and password) is displayed and stays at the page.
Hm. Getting the exact same behaviour with my centos user "gd". I login with openshift, give my centos username and password and I'm returned to the login page again.
@gd well, you're not included in that project so that would be normal (per initial request, only @anoopcs was added it seems)
well, it works for me and was able to connect to jenkins. Can you try with a "private window" to ensure no cookie is getting in the way ? No luck. Cleared "everything" from Firefox. After providing username and (password+OTP) same old page is shown. If I click again no prompt(for username and password) is displayed and stays at the page.
What else can go wrong here? What would be our next step?
Based on further investigation done over IRC, I can now confirm that I am able to login successfully at https://jenkins-sig-samba.apps.ocp.ci.centos.org/.
We discussed this on irc and also that it was probably due to an email address change, which was the case. So thanks to @dkirwan we wrote a quick SoP so that it was fixed for this case and also documented : https://docs.infra.centos.org/operations/ci/user_email_change/
Metadata Update from @arrfab: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Sorry for the long wait but we have found the issue.
When we deploy the jenkins container there is a plugin which we don't manage called openshift sync which is used to gather info from an openshift config map.
This plugin had a bug in which the config map was not applied and therefore our custom configuration was also not applied. The plugin has now been updated to 1.0.51 and all should be working ok
Login to comment on this ticket.