Fri Jul 01, 2022 11:07 pm
Login Register Lost Password? Contact Us

Please Note: The HPCC Systems forums are moving to Stack Overflow. We invite you to post your questions on Stack Overflow utilizing the tag hpcc-ecl (https://stackoverflow.com/search?tab=newest&q=hpcc-ecl). This legacy forum will be active and monitored during our transition to Stack Overflow but will become read only beginning September 1, 2022.



Auth-Service installation issue with MySQL DB

Post questions specific to installation or configuration for the HPCC Systems platform

Wed Feb 02, 2022 3:51 am Change Time Zone

Hi,
I'm trying to install AuthService in Docker to be able to authenticate other applications.

I followed the steps in the github page, and after a while the three containers are running.
But when I try to access the UI it does not respond.
After looking at the logs I see that although the MySQL container is running is displaying these messages:

auth_mysql_db_1 | 2022-02-02T03:02:48.521696Z 4 [Note] Aborted connection 4 to db: 'authservice' user: 'admin' host: '172.22.0.3' (Got an error reading communication packets)

I've investigated a bit but there seem to be many different causes for this error depending on many different factors.
So, I'll really appreciate any help on troubleshooting this particular scenario.
I attach the logs.

Thank you!
Regards
Attachments
nginx.log
(54 Bytes) Downloaded 28 times
MySQL.log
(24.17 KiB) Downloaded 34 times
AuthService_Web.log
(4.31 KiB) Downloaded 27 times
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm

Wed Feb 02, 2022 3:55 pm Change Time Zone

Hello, and thanks giving HPCC a spin. I am not familiar with the Docker AuthService that you refer to, but there are a lot of HPCC specific security managers available to users. The most robust being our LDAP security manager. What are your security requirements, and hopefully I can assist you in choosing and configuring one that best suits your needs
Russ
william.whitehead
 
Posts: 27
Joined: Fri Sep 27, 2013 6:07 pm

Wed Feb 02, 2022 7:19 pm Change Time Zone

Hi Russ,
Thank you very much for your answer!
I think I failed to explain the problem correctly.
Sorry for that, and I'll start again:

I'm trying to use HPCCSystems Auth-Service:
https://github.com/hpcc-systems/Auth-Service

I chose this one because I want to install HPCCSystems RealBI :
https://github.com/hpcc-systems/REAL-BI

and

HPCCSystems Tombolo:
https://github.com/hpcc-systems/Tombolo

And from what I understood, both of them rely on having this Auth-Service installed for authentication. They have other authentication options but this HPCCSystems Auth-Service is the one they have in common.
I'm far from being an expert in security, therefore I'm quite a bit lost here.

But, if you tell me that there is an HPCCSystems LDAP that could cover the same functionality and works with these other two tools I want to install, I'll be more than happy to follow your instructions to install it and configure it.

Here is some additional information to try to further clarify the problem:

**************************************************************************************
For RealBI these are the parameters available to configure authentication in the .env file of the project.

Code: Select all
# HPCC Auth Service (https://github.com/hpcc-systems/Auth-Service)
#Required only if REACT_APP_AUTH_METHOD is set to AUTH
AUTH_URL= [ HPCC Auth Service url ]
AUTH_PORT= [ HPCC Auth Service port ]
AUTH_CLIENT_ID= [ This is a unique identifier for an application in Auth Service. Will be set up through Auth Service when a new Application is registered ]

#Microsoft AD server side token validation.
#Required only if REACT_APP_AUTH_METHOD is set to ADFS
AZURE_TENANT_ID= [ Azure Tenant ID used by passport-azure-ad package for tokens validation ]
AZURE_CLIENT_ID= [ Azure Client ID used by passport-azure-ad package for tokens validation ]


And these are the Notes for the application:

This application relies on:
A running instance of Auth Service to handle user authentication and JWT generation.
Application can use Microsoft Active Directory for authentication and authorization
An HPCC cluster containing data files.

**************************************************************************************

For Tombolo these are the parameters in the .env file :

Code: Select all
## Auth Service details
#For authentication, Tombolo uses AuthService module, which needs to be setup separetly.
AUTH_SERVICE_URL=<protocol>://<host_name>:<port>/api/auth
AUTHSERVICE_TOMBOLO_CLIENT_ID=
secret=


And these are the notes referring to authentication:

AUTH_SERVICE_URL - ( Tombolo uses Auth Service for user authentication. An existing Auth Service can be used or you may set up Auth Service separately. You can find the Authservice setup instructions here. Once you have an instance of Authservice up and running, update this value. Eg - ://<host_name>:/api/auth)
AUTHSERVICE_TOMBOLO_CLIENT_ID - (Unique id of Tombolo app in Auth Service. This will be used in the communication between Tombolo and AuthService)


All the installations I'm doing are of "on-premise" kind. By that I mean that I'm installing everything from scratch, mostly in Docker and some directly on Linux for server components, and some client tools in Windows, and I'm not using hosted services in third party providers like Azure or AWS, for databases or any other applications)

I'll really appreciate your help in troubleshooting the issue! And I'm really open to listen to options, if there are any.
Thank you very much!!
Warm regards!
Ricardo
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm

Wed Feb 02, 2022 9:00 pm Change Time Zone

Thanks for the update Ricardo. I have reached out to the subject matter experts and hopefully they will respond soon.
william.whitehead
 
Posts: 27
Joined: Fri Sep 27, 2013 6:07 pm

Thu Feb 03, 2022 5:15 pm Change Time Zone

Hi Russ,
Great!
I'll be waiting for their contact to be able to continue with the project.
Thank you!!
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm

Fri Feb 04, 2022 7:24 pm Change Time Zone

Hello Ricardo,

Thanks for reporting this issue. We were able to reproduce it at our end. It looks like an incorrect file formatting is causing the issue and we have applied a patch for it. Please pull the latest Auth-Service code and rebuild the containers. Since the changes are only in the web container, you can execute the following command to rebuild only the web container

docker-compose up -d --no-deps --build web

Please feel free to reach out to us if you need further assistance in setting it up

Thanks
Jerry
jjacob
 
Posts: 7
Joined: Fri Mar 21, 2014 7:14 pm

Tue Feb 08, 2022 12:08 am Change Time Zone

Hello Jerry,
Nice to meet you! and thank you very much for your answer!

We are getting closer ;)
The good news first.
Now when I go to http://localhost:3003/login it shows the screen with the login fields.
Great!

The not so good ones (although maybe it's just me missing something or doing something wrong in the configuration files)
The problem is that no matter what password I use, it displays a message saying login failed.
I tried many different things in the .env file and also in the ..admin-user.js, like using quotes, not using quotes and things like that.
I also connected to the MySQL database, the user admin is there and the password is obviously masked.

I'm attaching the logs from the containers with the errors, and my configuration files, to see if you are able to spot where is the mistake, or if this has its root cause somewhere else.

The error in the MySQL container remains, and maybe, there lies the persistent problem.

Code: Select all
2022-02-07T23:40:21.971260Z 2 [Note] Got an error reading communication packets

2022-02-07T23:40:22.489549Z 4 [Note] Aborted connection 4 to db: 'authservicedb' user: 'user' host: '172.26.0.3' (Got an error reading communication packets)


If I can provide any other information to help in the resolution, please let me know.

Thank you!!
Warm regards
Ricardo
Attachments
ConfigFiles.zip
(1.81 KiB) Downloaded 25 times
container logs.txt
(6.05 KiB) Downloaded 25 times
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm

Tue Feb 08, 2022 3:37 am Change Time Zone

Hello Jerry,

A quick update.
All the previous information is from my attempts to try the tool in my test environment. That is Docker Desktop on Windows 10.

Just in case I tried on my real target system which is ubuntu 20.04, using the same configuration and I got a similar but not equal scenario.
First, I got some warning messages during the installation, and after that same behavior, but different messages in the logs.
I attach a summary of the messages, in case they help in clarifying the situation.

Thank you
Regards
Ricardo
Attachments
Error in Linux.txt
(4.16 KiB) Downloaded 26 times
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm

Tue Feb 08, 2022 8:04 pm Change Time Zone

Hi Ricardo,

Thanks for sharing your config files. It looks like the .env file contains spaces and single quotes which could be causing the issue. For e.g: the DB_USERNAME value has a leading space and enclosed in single quotes. Please remove the leading spaces and quotes for property values and rebuild the containers.

Please note that docker may have preserved some of these values in the volumes. Please make sure you follow the below steps to restart the containers.

1. Stop the containers - docker stop <container id-1> <container id-2> <container id-3>
2. Run docker-compose rm -v
3. Delete mysql-data directory under the Auth-Service installed directory
4. docker-compose up -d

Please report back if you run into further issues, we can get on a call with the team to troubleshoot the issues and get you up and running

Thanks
Jerry
jjacob
 
Posts: 7
Joined: Fri Mar 21, 2014 7:14 pm

Wed Feb 09, 2022 5:35 pm Change Time Zone

Hi Jerry,
How are you?

Well, a few things:

1. You were right, there was a problem either with the quotes or the spaces.
2. After adjusting everything according to your instructions I was still unable to connect, but the error message changed to something related to the private/public key-pair.
3. I was working for a while on that, and tried generating the keys with different tools (puttygen, openssh, openssl) and the error message kept changing but always on the key-pair subject.
4. I opted for generating them both as .pem (not only the public one), but it kept failing.
5. Given the command I was using, openssl was forcing me to use a passphrase to encrypt the private key, and that turned out to be the final problem. I changed the command to generate a plain text private key, and ... hallelujah!!!! it started working.

So, thank you very much for all your help!!! You put me on the right path to get to the solution.

I'll just attach a couple of screenshots, one from the working page :-) , and the other from the MySQL errors that are still showing, and although I don't know if they are relevant, I thought it would be good that you knew about them.

Best regards!!
Ricardo
Attachments
mysql-errors.jpg
(50.07 KiB) Not downloaded yet
working-auth-service.jpg
(16.74 KiB) Not downloaded yet
rfernandez2007
 
Posts: 25
Joined: Mon Nov 29, 2021 2:40 pm


Return to Installation

Who is online

Users browsing this forum: No registered users and 1 guest

cron