GitLabEE Docker Image on Kubernetes/OpenShift cannot login to Mattermost
Hi all,
I have been able to enable Mattermost UI on my Kubernetes and OpenShift environment, using the latest 10.2.5-ce.0 image. The Mattermost UI is accessible, but I cannot figure out how to login to Mattermost. The documentation states that when GitLab and Mattermost are running on the same machine, one should be able to use the GitLab credentials to login to the Mattermost UI, however both the root credentials and some custom user credentials fail with the following error in /var/log/gitlab/mattermost/mattermost.log:
[2017/12/23 00:08:27 UTC] [EROR] /api/v4/users/login:SqlUserStore.GetForLogin code=400 rid=fcx65ixe1bfgtq9d3kkmku5smo uid= ip=193.244.85.201 We couldn't find an existing account matching your credentials. This team may require an invite from the team owner to join. [details: ]
I have configured 2 separate DB's for GitLab (gitlab_production) and Mattermost (mattermost_production), which are externalised on separate POD's (Postgres docker images with persistency).
I have tried to enable Mattermost as an OAUTH2 application as documented on https://docs.mattermost.com/deployment/sso-gitlab.html, but this not change much. When I login on my Postgres POD (docker image instance) and connect to the local DB using PSQL, all tables are empty, so I do not understand how Mattermost is supposed to login using OAuth2 over GitLab.
My omnibus configuration looks like this, which is started building up top down, but still did not get the magic combo:
registry_external_url "https://#{docker_hostname}:5001"; mattermost_external_url "http://#{mattermost_hostname}"; mattermost['sql_driver_name'] = 'postgres'; mattermost['sql_data_source'] = 'user=${POSTGRESQL_USER} password=${POSTGRESQL_PASSWORD} host=mattermost-postgresql port=5432 dbname=mattermost_production sslmode=disable'; mattermost['service_enable_incoming_webhooks'] = true; mattermost['database_name'] = 'mattermost_production'; mattermost['service_enable_oauth_service_provider'] = true; mattermost['service_allowed_untrusted_internal_connections'] = "gitlab"; mattermost['gitlab_enable'] = false; mattermost['gitlab_id'] = "a485bc7ec0825392426b2cf4426bff554557d3238fe02781523b389e0feedffc"; mattermost['gitlab_secret'] = "22798f27a83324b14e9ffb0741a47cc29eef120c15bda19f0229305ef0152a2f"; mattermost['gitlab_scope'] = ""; mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"; mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"; mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user";
Any idea on how to proceed here? It's a bit unclear exactly how the initial login should happen to Mattermost once one is able te make it work within Docker using omnibus.
I have also tried to create a group in GitLab (again both as root and custom user) with 'Create a Mattermost team for this group" [enabled]. I always get the following error:
[2017/12/23 00:22:41 UTC] [EROR] /api/v3/oauth/gitlab/login:GetAuthorizationCode code=501 rid=ewpdqzpjnjg3uej6qwx8hk5bze uid= ip=10.5.11.51 Unsupported OAuth service provider [details: service=gitlab]
PS: one thing I find strange is that the error trace above mentions v3 of the API, while the gitlab_user_api_endpoint is pointing to a v4 API. Is that correct?