OSPRH-18759 (Red Hat OpenStack Services on OpenShift)

Horizon login failed for http url when secure cookies parameter is enabled

      ISSUE:

       

      => Customer is unable to log in to the Horizon dashboard; after they provide the credentials they are redirected back to the login page (refer to screenshots "login page.PNG" and "debug.PNG" uploaded to the case).

      => The failed URL after providing the login credentials and clicking submit is the one below:

            http://10.34.44.250/dashboard/auth/login/?csrf_failure=CSRF%20cookie%20not%20set

       

      TROUBLESHOOTING DONE:

       

      => Customer confirmed the CLI authentication works fine and the issue is specific to horizon login.

      => We did a preliminary analysis and collected the Horizon and Keystone debug logs, but unfortunately there is no request from Horizon in the Keystone logs.

      => We rechecked the provided screenshots ("login page.PNG" and "debug.PNG") from the case and verified whether the CSRF cookie is set, because the failed URL says so; we found it is not set (cookies.png uploaded to the case).

      => Customer said it doesn't seem to be a browser issue, as they tried different browsers.

      => They are also able to access Horizon in the other working air-gapped environment via the same browser.

      => I was checking this with engineering over the Slack channel below:

           https://redhat-internal.slack.com/archives/C04MXS4CEG3/p1753102916868839

      => During the remote session with the customer I provided them the following workaround, which helped them log in to the Horizon dashboard successfully.

       

      WORKAROUND:

       

      => Disabling the following Horizon parameters helped the customer log in successfully via the Horizon HTTP URL, though we understand these parameters are only relevant when the customer uses an HTTPS URL for Horizon.

       

      ~~~

      CSRF_COOKIE_SECURE

      SESSION_COOKIE_SECURE

      ~~~

       

      NOTE:

       

      => Customer is using a custom Horizon container provided by Trilio:

      https://catalog.redhat.com/software/containers/trilio/trilio-horizon-plugin/5bd0b23169aea37526771cf9?image=64da23d5ded7110343cab276&architecture=amd64

      => Customer has another air-gapped environment with the same RHOSP version and custom container, where the Horizon parameters (CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE) are enabled, but Horizon login works fine there.

      => In both the working and non-working environments the customer uses the HTTP URL only, whereas HTTPS is broken according to them.

       

       

      EXPECTATION:

       

      => Customer would like a detailed RCA on how disabling the parameters (CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE), which are relevant to HTTPS, resolves the issue for HTTP in their connected environment, because in their other air-gapped environment (one of the controller hostnames is pacudssnospctrl03) the same parameters are enabled but the HTTP-based Horizon URL works.

       

       

      LOGS (SUPPORTSHELL):

       

       

      => Sosreports of all three controllers and debug logs from the problematic environment, including debug enabled for Horizon:

       

      0060-controller02_containers_logs.tar.gz

      0070-controller01_containers_logs.tar.gz

      0080-controller03_containers_logs.tar.gz

      0050-SOS-Reports.zip

      0090-controller02__logs.tar.gz

      0100-controller01__logs.tar.gz

      0110-controller03__logs.tar.gz

       

      => Sosreport from the working (air-gapped) environment:

       

      0170-sosreport-pacudssnospctrl03-2025-07-27-icjllay.tar.xz
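
The Secure cookie attribute that CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE switch on in Django can be observed offline with Python's standard cookie jar, which, like a browser, returns Secure cookies only over https. This is an added example, not part of the ticket and not Horizon code; the host name, cookie values and helper names are constructed, and the cookie names are Django's defaults.

```python
import email.message
import http.cookiejar
import urllib.request

# Constructed sample headers. "csrftoken" and "sessionid" are Django's default
# cookie names; the values and the host below are made up for this example.
SECURE_ON = ["csrftoken=abc123; Path=/; SameSite=Lax; Secure",
             "sessionid=def456; Path=/; HttpOnly; Secure"]
SECURE_OFF = ["csrftoken=abc123; Path=/; SameSite=Lax",
              "sessionid=def456; Path=/; HttpOnly"]


class FakeResponse:
    """Offline stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for value in set_cookie_headers:
            self._msg["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._msg


def cookies_sent_back(login_url, set_cookie_headers):
    """Names of the cookies a client returns on the next request to login_url."""
    jar = http.cookiejar.CookieJar()
    # 1. GET of the login page: the server's Set-Cookie headers are processed.
    jar.extract_cookies(FakeResponse(set_cookie_headers),
                        urllib.request.Request(login_url))
    # 2. POST of the login form: only cookies allowed for this scheme are sent.
    follow_up = urllib.request.Request(login_url)
    jar.add_cookie_header(follow_up)
    header = follow_up.get_header("Cookie") or ""
    return sorted(p.split("=", 1)[0] for p in header.split("; ") if p)


if __name__ == "__main__":
    for url in ("http://horizon.example.test/dashboard/auth/login/",
                "https://horizon.example.test/dashboard/auth/login/"):
        for label, headers in (("Secure on", SECURE_ON), ("Secure off", SECURE_OFF)):
            print(f"{url.split(':')[0]:5} {label:10} -> {cookies_sent_back(url, headers)}")
```

With the Secure attribute set and an http URL, no cookie is returned on the follow-up request, which is the condition Django's CSRF check reports as "CSRF cookie not set".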

              rhn-engineering-rdopiera Radomir Dopieralski
              ppalanis1@redhat.com Partheeban Palanisamy
              rhos-dfg-ui