Troubleshooting
Problem
Randomly, it is impossible to log in to the management console or cloudctl.
Authentication succeeds after increasing resources and multiple reboots.
Environment
- Product Version: IBM Cloud Private 3.2.1
- Platform: Linux 64-Bit
- Operating System: Red Hat Enterprise Linux (RHEL) 7.6
- Service Type: BreakFix
- Virtualization Platform: VMWare
- Problem Area: Usability
Diagnosing The Problem
Compare the ldap-ca-cert with the certificate on the LDAP server to make sure they match.
You can delete the `auth-idp` pod and it will come back, but the issue might occur again.
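One way to do the comparison above, as an added example that is not IBM's code: it fingerprints every certificate in two PEM files and reports any certificate in the cluster's copy that is absent from the LDAP server's copy. Assumptions: both copies have already been saved as PEM files (the file names are hypothetical), and "match" is taken to mean that every certificate in the cluster's copy also appears in the server's copy.

```shell
#!/usr/bin/env bash
# Added example (not IBM code). Compares two PEM files by the SHA-256
# fingerprint of each certificate, the value that
# `openssl x509 -noout -fingerprint -sha256` prints, without the colons.
# Assumed inputs: $1 = the cluster's ldap-ca-cert saved as PEM,
#                 $2 = the certificate file exported from the LDAP server.

# Print one fingerprint per certificate found in the PEM data on stdin.
pem_fingerprints() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { in_cert = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { if (in_cert && body != "") print body; in_cert = 0; next }
    in_cert { gsub(/[ \t\r]/, ""); body = body $0 }
  ' | while IFS= read -r b64; do
    # Base64 body -> DER bytes -> SHA-256 hex digest
    printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
  done
}

# Return 0 if every certificate in $1 is also in $2, 1 if any is missing,
# 2 if either file contains no certificate (wrong file, DER instead of PEM).
certs_match() {
  local cluster server fp rc=0
  cluster=$(pem_fingerprints < "$1")
  server=$(pem_fingerprints < "$2")
  [ -n "$cluster" ] && [ -n "$server" ] || return 2
  for fp in $cluster; do
    if ! printf '%s\n' "$server" | grep -qxF "$fp"; then
      echo "not present on LDAP server: $fp" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Run as: ./compare_ldap_ca.sh cluster-ca.pem ldap-server.pem
if [ "$#" -eq 2 ]; then
  certs_match "$1" "$2" && echo "certificates match"
fi
```

An exit status of 1 means the cluster trusts a certificate that the LDAP server's file does not contain, which is the mismatch the diagnosis step looks for.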
Resolving The Problem
To resolve this login issue, see the following instructions:
Steps to reload LDAP certificates inside the Liberty keystore for all `auth-idp` pods:
1. SSH login to any master node.
2. Get `auth-idp` pods
```
kubectl --kubeconfig=/var/lib/kubelet/kubectl-config -n kube-system get pods -l k8s-app=auth-idp
```
3. Execute these commands for each `auth-idp` pod
```
kubectl --kubeconfig=/var/lib/kubelet/kubectl-config -n kube-system exec -it auth-idp-xxxxx -c platform-auth-service -- /bin/bash "/opt/ibm/auth-service/liberty-oidc-docker/import_ldap_certs.sh"
kubectl --kubeconfig=/var/lib/kubelet/kubectl-config -n kube-system exec -it auth-idp-xxxxx -c platform-auth-service -- /bin/bash -c "tail -n 20 /opt/ibm/auth-service/logs/directory_service.log"
```
You may see the message `Certificate was added to keystore` for all chain certificates.
4. If you see any errors, upload the proper certificate to the LDAP server and then restart the `auth-idp` pods.
Here is the Knowledge Center link:
[Configuring LDAP over SSL]
https://www.ibm.com/support/knowledgecenter/SSBS6K_3.2.x/troubleshoot/ldaps_manual.html
Restart `auth-idp` pods
```
kubectl --kubeconfig=/var/lib/kubelet/kubectl-config -n kube-system delete pods -l k8s-app=auth-idp
```
Document Location
Worldwide
Document Information
Modified date:
19 September 2022
UID
ibm16413341