Universal login page for DC/OS not working

bhudgeons · May 6, 2024, 7:55pm

This should be generating a login token, but it is not. This is preventing access to DCOS installations.

https://dcos.auth0.com/login?ajs_anonymous_id=&client=3yF5TOSzdlI45Q1xspxzeoGBe9fNxm9m&cluster_id=c853a31b-790e-4ad2-b981-8d93da1b8e4b&redirect_uri=urn:ietf:wg:oauth:2.0:oob

zzlyzq · May 7, 2024, 11:44am

Yes, I also met this problem.

I can’t login with my dcos cluster.

zzlyzq · May 9, 2024, 12:34am

I found more information on slack channel.

https://app.slack.com/client/T052AG7L4/activity?recommended_build_version=1715192845&build_manifest_last_modified=1715200080

And I am testing modify or reinstall master node one by one with oauth_enabled on false.

shatten · May 9, 2024, 9:23am

Hello,
I’ve tested the solution, suggested on the blogpost:

In short: following this documentation:

I was able to patch the configuration of the masters adding:
“oauth_enabled”:“false”

This setting disables the login and everyone with the url can access DC/OS. We also found a way to replace dcos.auth0.com with our own Identity server in order to keep the login and the oauth method. But this solution takes a lot of work in the bouncer and in the adminrouter applications on the masters.

zzlyzq · May 9, 2024, 10:14am

Amazing, Thanks for shatten.

At the time to go home, I checked the auth0.com fourm and the slack channel. I saw that shatten used the paching method to patch the cluster.

I made a simple test that with the three master nodes which used oauth_enabled for true. And follow the instructures and shatten’s said.

# on bootstrap, change the genconf/config.yml with oauth_enabled to false, and execute the following command 
/opt/dcos/dcos_generate_config.sh --generate-node-upgrade-script 1.9.1

# on the master nodes, execute
wget http://192.168.234.167/upgrade/2391cde167f6489da8f60bc4e07bd466/dcos_node_upgrade.sh -O dcos_node_upgrade.sh
bash dcos_node_upgrade.sh

The full info can access the blog. DCOS又不能登录了 - 运维123

Muninn97 · May 15, 2024, 6:40pm

hello

I am experiencing the same problem
And I am using docs version 1.10.8

Can you tell me how to solve the problem?

craig.neth · May 17, 2024, 2:54pm

This was caused by a problem with the auth0 application configuration that has been resolved, this should be working again now, we can see successful logins again.

HOWEVER - DC/OS went EOL in October of 2021. There is nobody actively monitoring this Auth0 application and so further outages of this service are almost certainly guaranteed.

If you still need to use DC/OS, we strongly suggest that you patch your DC/OS clusters and disable the oauth_enabled flag and switch to using local users, to remove your dependency on this third party service.

Craig (ex-Mesosphere/D2iQ)