Login doesnt work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
skyline apiserver |
Fix Released
|
Undecided
|
Shuai Qian |
Bug Description
Hallo,
I made a testinstallation for Openstack Antelope, everything is working fine.
Login on Horizon works without issuses.
I installed the skyline-api from github.
after: make build
the start over the script start_service, the skyline starts without problems.
The connection to port 9999 for the skyline frontend works, also it shows Region and Project.
But then login doesnt work, the frontend says "Username or Password incorrect".
The logs doenst cover that message,nowhere I can find an error message.
Has anyone an idea what that can be ?
Thanks a lot.
Alex
Shuai Qian (iauhsnaiq) wrote : | #1 |
Alexander Luedtke (alexluedtke) wrote : Re: [Bug 2025755] Re: Login doesnt work | #2 |
Hi Qian,
On 12.07.23 05:07, Shuai Qian wrote:
> Hello Alex, you clould check if you set your domains in openstack.
> domains in the configuration would be ignored in the domain list api, so let your domains out of it first.
in the Webinterface the Doamin is shown correctly neither I enter it in
the skyline.yaml or not.
>
> and then confirm your keystone service name is 'keystone', in case that
> the same problem as other issue.
>
> if it still doesn't work, you cloud show me results of the following commands:
> - docker inspect skyline | grep skyline
....
[root@localhost ~(keystone)]# docker inspect skyline | grep skyline
Emulate Docker CLI using podman. Create /etc/containers
quiet msg.
"ca3b13fd9ae8e0
"6e6a6ea46dd246
"ca3b13f_
"ca3b13fd9ae8e0
"6e6a6ea46dd246
"ca3b13f_
skyline.
skyline.
skyline.
RSION}",
dir:804c67bec4a
/skyline-apiserver/ ",
file:bc86f8264b
/etc/skyline/
file:b9f040a259
/etc/skyline/
GIT_COMMIT=
GIT_CONSOLE_
RELEASE_
PACKAGE_URL=https:/
/bin/sh -c export LANG=C.UTF-8 && apt-get update -y && apt-get
install -y --no-install-
oninteractive apt-get install -y gcc make nginx traceroute lsof
iputils-ping vim git wget curl locales-all ssl-cert python3
python3-pip python3-dev python3-venv && rm -rf /usr/bin/python
/usr/bin/pip && ln -s /usr/bin
/python3 /usr/bin/python && ln -s /usr/bin/pip3 /usr/bin/pip &&
mkdir -p /etc/skyline/
/skyline-apiserver && git init && cd / && pip install
skyline-apiserver/ -chttps://
releases.
Shuai Qian (iauhsnaiq) wrote : | #3 |
Hello Alex, have you seen any error from the debug tool in browser (F12)?
if not, I'm sorry to say that it's a little hard to debug in the situation, because there would be many reasons for logging failed, so skyline just catch errors but no any logs for now.
And I only can suggest you try to deploy again in the different level,skyline service or other services, host operating system, changing images and something like that.
This would be get improved in the future.
Alexander Luedtke (alexluedtke) wrote : | #4 |
Hi Qian,
Only thing I could see in the Browser is:
GEThttp:
Status
401
Unauthorized
VersionHTTP/1.1
Übertragen225 B (68 B Größe)
Referrer Policystrict-
GEThttp:
Status
401
Unauthorized
VersionHTTP/1.1
Übertragen225 B (68 B Größe)
Referrer Policystrict-
just in Case here are the Log Files of the test system:
==> /var/log/
2023-07-25 14:05:46.556 | INFO |
skyline_
floating-
2023-07-25 14:05:46.556 | INFO |
skyline_
fwaas_v2 resource could not be found.
2023-07-25 14:05:46.556 | INFO |
skyline_
resource could not be found.
2023-07-25 14:05:46.557 | INFO |
skyline_
resource could not be found.
==> /var/log/
[2023-07-25 14:05:46 +0200].965 2519 INFO [-] - "POST /api/v1/login
HTTP/1.0" 200
==> /var/log/
127.0.0.1 - - [25/Jul/
/api/openstack/
"http://
1; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"
==> /var/log/
[2023-07-25 14:05:46 +0200].987 2516 INFO [-] - "GET /api/v1/profile
HTTP/1.0" 401
==> /var/log/
127.0.0.1 - - [25/Jul/
/api/openstack/
"http://
1; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"
==> /var/log/
[2023-07-25 14:05:46 +0200].989 2519 INFO [-] - "GET /api/v1/policies
HTTP/1.0" 401
==> /var/log/
127.0.0.1 - - [25/Jul/
/api/openstack/
"http://
11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"
Keystone.log:
2023-07-25 14:05:45.095036 2023-07-25 14:05:45.094 1953 WARNING
keystone.
req-25fda048-
password to algorithm specific maximum length 54 characters.\x1b[00m
guess the keystone Warning doesnt matter as it working on horizon ...
Any idea what else I can check ??
Thanks for your help !
best Regards
Alex
On 21.07.23 12:47, Shuai Qian wrote:
> Hello Alex, have you seen any error from the debug tool in browser
> (F12)?
>
> if not, I'm sorry to say that it's a little hard to debug in the
> situation, because there would be many reasons for logging failed, so
> skyline just catch errors but no any logs for now.
>
> And I only can suggest you try to deploy again in the different
> level,skyline service or other service...
Shuai Qian (iauhsnaiq) wrote : | #5 |
Indeed there is no helpful log, and I also cloud not get other resolution but debugging step by step.
In addition I recommend you deploy openstack and skyline in same effective tools like kolla-ansible, which would help you handle the conplex configuration.
FYI: https:/
Satish Patel (satish-txt) wrote : | #6 |
- Screenshot 2023-08-07 at 7.21.21 PM.png Edit (157.7 KiB, image/png)
I am having similar issue. I tried on different OS but same issue. I have attached screenshot of Developer Tool of browser.
This is serious issue with skyline. I am using sqlite DB in my case.
Satish Patel (satish-txt) wrote : | #7 |
I have noticed my sqlite db file is always empty inside skyline docker container
root@os-ctrl1:/# ls -l /tmp/skyline.db
-rw-r--r-- 1 root root 0 Aug 8 03:41 /tmp/skyline.db
Satish Patel (satish-txt) wrote : | #8 |
Update:
When I switched from sqlite to mysql DB then it works and I was able to login into UI. But when I use normal user account then getting following error in logs. And in UI getting error. ( Admin account working without error). Do I need to give some special permission to end-users?
{
"message": "You don't have access to get instances.",
"status": 401
}
2023-08-08 04:49:04.869 | DEBUG | keystoneauth1.
2023-08-08 04:49:04.912 | DEBUG | urllib3.
2023-08-08 04:49:04.913 | DEBUG | keystoneauth1.
2023-08-08 04:49:04.914 | DEBUG | skyline_
Changed in skyline-apiserver: | |
assignee: | nobody → Wu Wenxiang (wu-wenxiang) |
Wu Wenxiang (wu-wenxiang) wrote : | #9 |
@satish & @alex
I had tried to re-produce this issue, but anything normal.
Steps:
1. Install AIO openstack AA version with kolla-ansible
2. Run skyline with master codes
openstack domain create test-domain
openstack user create --domain test-domain --password-prompt test-user
openstack project create --domain test-domain test-project
openstack role add --project test-project --project-domain test-domain --user test-user --user-domain test-domain member
curl -i -X 'POST' \
'http://
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"region": "RegionOne",
"username": "test-user",
"domain": "test-domain",
"password": "test-password"
}'
HTTP/1.1 200 OK
date: Wed, 09 Aug 2023 06:36:48 GMT
server: uvicorn
content-length: 1249
content-type: application/json
set-cookie: session=
set-cookie: time_expired=
{"keystone_
curl -i 'http://
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Cookie: session=
Wu Wenxiang (wu-wenxiang) wrote : | #10 |
I'll test docker image then, & update you ASAP
Wu Wenxiang (wu-wenxiang) wrote : | #11 |
I also tried docker.
I think the differences is skyline.yaml, give my diff as blow.
# diff etc/skyline.yaml etc/skyline.
27c27
< keystone_url: http://
---
> keystone_url: http://
53c53
< system_project: admin
---
> system_project: service
58,59c58,59
< system_user_name: admin
< system_
---
> system_user_name: skyline
> system_
Operation log as below:
-------
root@wwx-
root@wwx-
Unable to find image '99cloud/
2023.1: Pulling from 99cloud/skyline
Digest: sha256:
Status: Downloaded newer image for 99cloud/
f65f3c13980905e
root@wwx-
+ echo '/usr/local/
+ mapfile -t CMD
++ xargs -n 1
++ tail /run_command
+ [[ -n 0 ]]
+ cd /skyline-apiserver/
+ make db_sync
alembic -c skyline_
2023-08-09 08:07:00.159 | INFO | alembic.
2023-08-09 08:07:00.159 | INFO | alembic.
2023-08-09 08:07:00.462 | INFO | alembic.
+ exit 0
root@wwx-
skyline_bootstrap
root@wwx-
3ed7ff039621085
Changed in skyline-apiserver: | |
status: | New → Incomplete |
Alexander Luedtke (alexluedtke) wrote : | #12 |
I changed the skyline.yaml, as described, exept the keytone_url, as the
UI shows, Regione and Project, what it doesnt do if it doesnt have
access to keystone .... (had this problem at first ...)
But one littel thing ..
As Im accessing the Skyline UI on http:// over an SSH tunnel, might it
be that the skyline doesnt allow that so that we get the error in the
Browser [HTTP/1.1 401 Unauthorized 6ms
May it be that this does only work with https ??
On 09.08.23 10:18, Wu Wenxiang wrote:
> I also tried docker.
> docker.
>
> I think the differences is skyline.yaml, give my diff as blow.
>
> # diff etc/skyline.yaml etc/skyline.
> 27c27
> < keystone_url:http://
> ---
>> keystone_url:http://
> 53c53
> < system_project: admin
> ---
>> system_project: service
> 58,59c58,59
> < system_user_name: admin
> < system_
> ---
>> system_user_name: skyline
>> system_
>
> Operation log as below:
> -------
>
> root@wwx-
> mkdir /var/log/skyline
>
> root@wwx-
> Unable to find image '99cloud/
> 2023.1: Pulling from 99cloud/skyline
> Digest: sha256:
> Status: Downloaded newer image for 99cloud/
> f65f3c13980905e
>
> root@wwx-
> + echo '/usr/local/
> + mapfile -t CMD
> ++ xargs -n 1
> ++ tail /run_command
> + [[ -n 0 ]]
> + cd /skyline-apiserver/
> + make db_sync
> alembic -c skyline_
> 2023-08-09 08:07:00.159 | INFO | alembic.
> 2023-08-09 08:07:00.159 | INFO | alembic.
> 2023-08-09 08:07:00.462 | INFO | alembic.
> + exit 0
>
> root@wwx-
> skyline_bootstrap
>
> root@wwx-
> 3ed7ff039621085
>
--
Alexander Luedtke
Systemadministrator
Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security
Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen
Tel. +49 89 289 18039
www.sec.in.tum.de
Wu Wenxiang (wu-wenxiang) wrote : | #13 |
@Alex
Web Browser -- HTTP with 9999 port --> Skyline ---> HTTP endpoint?
HTTP is OK for me, according to the operation log I posted before.
What do you mean by "accessing the Skyline UI on http:// over an SSH tunnel"?
Alexander Luedtke (alexluedtke) wrote : | #14 |
SSH Tunnel:
SSH -L with that you can access ports on an Remote System (in my case
an lokal VM ...) without having remote access to the port you want ...
very usefull in test cases ...
But anyway if http should work that isnt the issue :-(
On 09.08.23 11:36, Wu Wenxiang wrote:
> @Alex
>
> Web Browser -- HTTP with 9999 port --> Skyline ---> HTTP endpoint?
>
> http://
>
> HTTP is OK for me, according to the operation log I posted before.
>
> What do you mean by "accessing the Skyline UI on http:// over an SSH
> tunnel"?
>
--
Alexander Luedtke
Systemadministrator
Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security
Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen
Tel. +49 89 289 18039
www.sec.in.tum.de
Satish Patel (satish-txt) wrote : | #15 |
@Wu
This is my skyline.yaml file
#################
default:
access_
access_
cors_
#database_url: sqlite:
database_url: mysql:/
debug: true
log_dir: /var/log/skyline
log_file: skyline.log
prometheus_
prometheus_
prometheus_
prometheus_
secret_key: aCtmgbcUqYUy_
session_name: session
ssl_enabled: false
openstack:
base_domains:
- heat_user_domain
default_region: RegionOne
enforce_
extension_
floating-
fwaas_v2: neutron_firewall
qos: neutron_qos
vpnaas: neutron_vpn
interface_type: public
keystone_url: http://
nginx_prefix: /api/openstack
reclaim_
service_mapping:
baremetal: ironic
compute: nova
container: zun
container-
database: trove
identity: keystone
image: glance
key-manager: barbican
load-balancer: octavia
network: neutron
object-store: swift
orchestration: heat
placement: placement
sharev2: manilav2
volumev3: cinder
sso_enabled: false
sso_protocols:
- openid
sso_region: RegionOne
system_
- admin
- system_admin
system_project: service
system_
system_
- system_reader
system_
system_user_name: skyline
system_
setting:
base_settings:
- flavor_families
- gpu_models
- usb_models
flavor_families:
- architecture: x86_architecture
categories:
- name: general_purpose
properties: []
- name: compute_optimized
properties: []
- name: memory_optimized
properties: []
- name: high_clock_speed
properties: []
- architecture: heterogeneous_
categories:
- name: compute_
properties: []
- name: visualization_
properties: []
gpu_models:
- nvidia_t4
usb_models:
- usb_c
############
My problem is if I login as admin then everything works!! But for normal account (end-user) I am able to login in UI but when I click any instance or anything it throwing access error and in logs its showing me following:
2023-08-08 04:49:04.869 | DEBUG | keystoneauth1.
2023-08-08 04:49:04.912 | DEBUG | urllib3.
2023-08-08 04:49:04.913 | DEBUG | keystoneauth1.
2023-08-08 04:49:04.914 | DEBUG | skyline_
That is clear that skyline doesn't passing proper token or authorization when ...
Wu Wenxiang (wu-wenxiang) wrote (last edit ): | #16 |
@Satish
1. Which version of skyline you used? if docker image, u can `docker inspect skyline | grep skyline` to check.
2. Could you upload the Chrome Dev (F12) logs & skyline/keystone logs, which cover the issue re-produced? It' better if you can point the issue timestamp in your uploaded logs.
Based on these logs: '2023-08-08 04:49:04.914 | DEBUG | skyline_
The logics:
1. Try to access as system scope
2. if user is not authorized to access the system scope, then just ignore the exception and use the user_context as is.
so these logs is normal.
I think we could find clues based on your F12/Skyline/
Wu Wenxiang (wu-wenxiang) wrote : | #17 |
Wu Wenxiang (wu-wenxiang) wrote : | #18 |
@Alex,@Satish
I couldn't reproduce this issue with Master or 2023.1 version, either running skyline by container image or by sources.
OpenStack use kolla-ansible 2023.1
So next step, we could collect logs to find clues.
Please tell me if have any problems during collecting F12/Skyline/
James Black (hamburgler) wrote : | #20 |
^ nm i had resolved this somehow on another level and now can no longer reproduce
think maybe dependency issues
James Black (hamburgler) wrote : | #21 |
```
2023-08-11 23:25:06.059 | DEBUG | keystoneauth1.
2023-08-11 23:25:06.059 | DEBUG | urllib3.
2023-08-11 23:25:06.300 | DEBUG | urllib3.
2023-08-11 23:25:06.301 | DEBUG | keystoneauth1.
James Black (hamburgler) wrote (last edit ): | #22 |
I have built from source on both 20.04 and 22.04 Antelope branch, and believe I have found the issue.
pip SQLAlchemy==1.4.41 needs to be pinned to this version (I didn't try everything between 1.4.49) but 1.4.49 and greater do not work and cause the login issue.
When I set this to 1.4.41 immediately works.
Changed in skyline-apiserver: | |
assignee: | Wu Wenxiang (wu-wenxiang) → Shuai Qian (iauhsnaiq) |
SK (msalmanmasood) wrote : | #23 |
@james how to fix this issue in dockerized installaiton, if this is the case?
SK (msalmanmasood) wrote : | #24 |
following exception found in the logs
2023-08-18 04:15:47.064 | WARNING | skyline_
SK (msalmanmasood) wrote : | #25 |
was hitting this bug; https:/
moving to train release works for me!
Shuai Qian (iauhsnaiq) wrote : | #26 |
yes, the lowest version we support for openstack is train.
Khoi (khoinh5) wrote : | #27 |
Hello.
I got this problem too.
On web browser
GET http://
GET http://
"detail":"not enough values to unpack (expected 5, got 4)"}(skyline)
My environment:
Ubuntu 22.04
Openstack yoga and zed deployed by kolla-ansible.
Skyline APIserver and Console were installed from source code.
Skyline with docker works like charm.
Shuai Qian (iauhsnaiq) wrote : | #28 |
hi Khoi,
if you deploy openstack in kolla-ansible, I recommend you also deploy skyline in that,
set enable_skyline in globals.yml and execute kolla-ansible deploy -i <your-inventory> -t skyline deploy
Satish Patel (satish-txt) wrote : | #29 |
@Shuai
I did following but nothing happened, Do i need to do anything in inventory?
$ kolla-ansible -i multinode deploy -t skyline
Satish Patel (satish-txt) wrote : | #30 |
I am using Zed release of kolla-ansible.
Alexander Luedtke (alexluedtke) wrote : | #31 |
Am 08.09.23 um 22:50 schrieb Satish Patel:
> @Shuai
>
> I did following but nothing happened, Do i need to do anything in
> inventory?
>
> $ kolla-ansible -i multinode deploy -t skyline
>
Hi, had the same problem as I tryed kolla-ansible shortly, tip - there
is an skyline option in the global.yml which is by default set to no.
--
Alexander Luedtke
Systemadministrator
Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security
Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen
Tel. +49 89 289 18039
www.sec.in.tum.de
Shuai Qian (iauhsnaiq) wrote : | #32 |
@Satish
yes, kolla-ansible for zed release is ok, which is able to deploy skyline.
and have you set configuration item `enable_
Satish Patel (satish-txt) wrote : | #33 |
Just to close the loop here. My issue was _member_ vs member role issue with skyline. Patch is already committed - https:/
tomasz (chendynski) wrote (last edit ): | #34 |
Hi All,
@Khoi (khoinh5)
Installing the package:
the highest version that works for me is 1.4.41. There is some problem with version 1.4.42 and up.
regards
Shuai Qian (iauhsnaiq) wrote : | #35 |
@tomasz thanks for your validation. it's really helpful
Kim HyoBin (hbkimokestro) wrote (last edit ): | #36 |
This needs to be patched.
For better contribution, the version should be clearly stated.
env
OS : ubuntu 22.04
openstack : yoga
(This problem will occur if you install without using docker.)
When installed in the above environment,
the sqlalchemy package will be installed in versions 1.3 between1.5 due to the influence of the databases package. (defualt install version 1.4.51) need to <=1.4.41
However, sqlalchemy version 2.0 has been released, so additional improvements to version 1.x will be difficult.
OpenStack Infra (hudson-openstack) wrote : Fix proposed to skyline-apiserver (master) | #37 |
Fix proposed to branch: master
Review: https:/
Changed in skyline-apiserver: | |
status: | Incomplete → In Progress |
OpenStack Infra (hudson-openstack) wrote : Fix merged to skyline-apiserver (master) | #38 |
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit d2ed6e4b0c09d2e
Author: zhuboxiang <zhu.boxiang@
Date: Wed Jan 31 14:14:58 2024 +0800
fix: Upgrade the version of databases
For this commit https:/
The version of SQLAlchemy has been as 1.4.50
From the install_requires of databases, we need to upgrade it.
For 0.8.0 version of databases, sqlalchemy>
Closes-Bug: #1974452
Closes-Bug: #2025755
Change-Id: I4c046d2e8a8188
Changed in skyline-apiserver: | |
status: | In Progress → Fix Released |
ifsecret (imposmail) wrote : | #39 |
Hello,
env
OS: ubuntu 22.04
openstack : 2023.1 (antelope)
I set up an instance according to the information above. I git cloned the devstack to 2023.1
After logging in to the skyline interface, when I log in with the username and password, it gets stuck on the same login page, and when I examine the network with F12 inspect, I see the following errors.
Request URL:
http://
Request Method:
GET
Status Code:
401 UNAUTHORIZED
Remote Address:
10.8.135.195:9999
Referrer Policy:
strict-
As you said above, I installed it with sqlaclhemy==1.4.41, but the error is still not resolved.
Could you help me, please?
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/skyline-apiserver 4.0.0.0rc1 | #40 |
This issue was fixed in the openstack/
Hello Alex, you clould check if you set your domains in openstack. base_domains in skyline.yml
domains in the configuration would be ignored in the domain list api, so let your domains out of it first.
and then confirm your keystone service name is 'keystone', in case that the same problem as other issue.
if it still doesn't work, you cloud show me results of the following commands:
- docker inspect skyline | grep skyline
- openstack domain list
- openstack service list | grep keystone
and contents of your skyline.yml