Pacbot login issue about pacbot HOT 15 CLOSED

I can login now however I do not see any option to change password for admin and/or user. How do we or rather from where do we change the default credentials and how to create additional new users?

from pacbot.

Hello,

I am also facing the exact same issue. Installation went well and at the end it gives the ALB name and the default login credentials but I am unable to login. Is there a mechanism we can reset the password within the database (RDS). If yes, any help on the exact DB/tablename?

from pacbot.

If the install script ran then the username and password should be there and would correct.
Have you looked into the CloudWatch Logs.
Also have you checked ec2/load balancers to make sure the api lb was provisioned.
When i was installing, i bumped into errors related to the api not being there,
although i was fiddling with the tf.

Table Info can be found in DB_With_Values.sql and the tables are oauth_user, oauth_user_credentials

from pacbot.

While installing in the install log, I see the following:

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] api-commons ....................................... SUCCESS [6.039s]
[INFO] commons ........................................... SUCCESS [1.944s]
[INFO] PacMan Commons Projects ........................... SUCCESS [0.006s]
[INFO] admin-service ..................................... SUCCESS [7.911s]
[INFO] asset-service ..................................... SUCCESS [6.058s]
[INFO] config ............................................ SUCCESS [2.932s]
[INFO] compliance-service ................................ SUCCESS [6.590s]
[INFO] notification-service .............................. SUCCESS [3.322s]
[INFO] statistics-service ................................ SUCCESS [5.190s]
[INFO] auth-service ...................................... SUCCESS [2.730s]
[INFO] PacMan Api Projects ............................... SUCCESS [0.101s]
[INFO] inventoryFetch .................................... SUCCESS [26.968s]
[INFO] data-shipper ...................................... SUCCESS [4:40.602s]
[INFO] awsrules .......................................... SUCCESS [4:16.718s]
[INFO] pacman-rule-engine ................................ SUCCESS [6:35.476s]
[INFO] PacMan Jobs Projects .............................. SUCCESS [0.007s]
[INFO] PacBot UI ......................................... SUCCESS [1:28.322s]
[INFO] PacMan ............................................ SUCCESS [0.006s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 18:11.729s
[INFO] Finished at: Sun Oct 21 11:36:48 UTC 2018
[INFO] Final Memory: 367M/689M
[INFO] ------------------------------------------------------------------------

And at last I see the login details:

********** Login Domain: pacman-alb-uijobs-123456789.eu-central-1.elb.amazonaws.com
***************** Admin: [email protected] / pacman
****************** User: [email protected] / user

Now when I hit the ELB, I get "Authentication Failed. Please check your credentials". In the Cloudwatch logs, I see the following:
10.145.1.68 - - [21/Oct/2018:14:12:46 +0000] "HEAD /favicon.ico?_=1540131166427 HTTP/1.1" 200 0 "http://pacman-alb-uijobs-123456789.eu-central-1.elb.amazonaws.com/home/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"

I checked the oauth_user table in RDS and it has properly created the entries:
MySQL [pacmandata]> select * from oauth_user;
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
| id | user_id | user_name | first_name | last_name | email | created_date | modified_date |
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
| 1 | [email protected] | user | user | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 2 | [email protected] | admin | admin | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
+----+------------------+-----------+------------+-----------+------------------+---------------------+---------------------+
2 rows in set (0.00 sec)

I tried to update passwords for both the IDs but the problem remains the same:
MySQL [pacmandata]> UPDATE oauth_user_credentials SET password=PASSWORD('pacmanadminandadmin') WHERE id='2';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MySQL [pacmandata]> UPDATE oauth_user_credentials SET password=PASSWORD('pacmanuseranduser') WHERE id='1';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

I even tried to add a new user, assign it a password, rebooted the RDS couple of times but no change:
MySQL [pacmandata]> select * from oauth_user;
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
| id | user_id | user_name | first_name | last_name | email | created_date | modified_date |
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
| 1 | [email protected] | user | user | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 2 | [email protected] | admin | admin | | [email protected] | 2018-06-26 18:21:56 | 2018-06-26 18:21:56 |
| 3 | vasasas | vasasas | uisasas | dfdfd | [email protected] | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 |
+----+------------------+-----------+------------+-----------+----------------------------+---------------------+---------------------+
3 rows in set (0.00 sec)

MySQL [pacmandata]> select * from oauth_user_credentials;
+------+-------------------------------------------+------+
| id | password | type |
+------+-------------------------------------------+------+
| 1 | *3B70875611725DBBEC28C0DD7E3F158484AE0088 | db |
| 2 | *FCA43DB90052EB7A11E499EFE490726FC59A1BE6 | db |
| 3 | *C9F5269B533E90C89B405D1058ADBBC7FEF14595 | db |
+------+-------------------------------------------+------+
3 rows in set (0.00 sec)

Also I have both the Load Balancers in place. One for application (oss-api) and one for UI (oss-ui). Application LB is an internal one whereas I wanted to have the UI LB as Internet facing so I changed the value of internal as false to the file /tmp/usr/src/pacbot/1540131500.32/installer/terraform/oss-ui/ecs-ui.tf and hence the UI LB is internet facing.

Also the APP LB had 7 to 8 target groups whereas the UI LB had 1 target group pointing to the nginx containter hosted in ECS.

I am not getting where is the issue.

from pacbot.

If you look at my original message you would see the error is not with the user credentials rather it says "Client Validation Failed". This is the response you see upon failed login.

{"success":false,"message":"Client Validation Failed!!!"}

The error message almost seems like an issue with OAuth authentication where the Client is not getting recognized. (not sure whether pacbot is using OAuth for local authentication). If indeed if its using OAuth then this could be due to 2 reasons.

• Either the client is not sending the clientID/client secret in the request. I haven't checked that closely. (Then it is an UI issue).
• The client is not getting recognized by the OAuth provider (meaning the client is not registered properly).

from pacbot.

I had this problem because the UI service was sending me to an incorrect API service endpoint. You can confirm this by using the Developer Tools in your browser and look for failed network requests in the console. In my case there was a Cross Site Scripting error.

The URL will look something like 'http://internal-pacman-alb-apijobs-661475303.ap-so….amazonaws.com' - make sure this is the same URL as your load balancer.

I had to run the destroy command, then manually (RDS, Redshift, ES ,Batch) check that everything has been properly removed (including Subnet Groups, Option Groups, Security Groups etc). I think (but am not sure) the root cause may have been that I tried to run the installation twice when it was interrupted the first time.

from pacbot.

 {"success":false,"message":"Client Validation Failed!!!"}

The above issue mostly comes if there is no client credentials details registered under oauth_client_details table.
You can find the details in the below location
https://github.com/tmobile/pacbot/blob/installer/installer/terraform/oss-api/DB.sql#L955

Please ensure this is done correctly from your part

from pacbot.

OK. I checked the database oauth_client_details and I could see the entry you referred above.

 select * from oauth_client_details;
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+
| client_id                            | resource_ids | client_secret                                 | scope           | authorized_grant_types                                                | web_server_redirect_uri | authorities           | access_token_validity | refresh_token_validity | additional_information | autoapprove |
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+
| 22e14922-87d7-4ee4-a470-da0bb10d45d3 | NULL         | csrWpc5p7JFF4vEZBkwGCAh67kGQGwXv46qug7v5ZwtKg | resource-access | implicit,authorization_code,refresh_token,password,client_credentials | NULL                    | ROLE_CLIENT,ROLE_USER |                  NULL |                   NULL | NULL                   |             |
+--------------------------------------+--------------+-----------------------------------------------+-----------------+-----------------------------------------------------------------------+-------------------------+-----------------------+-----------------------+------------------------+------------------------+-------------+

I also checked the tables oauth_user and oauth_user_credentials and could see the admin and the user records on those tables.

I again checked the developer console in the browser to look at the request being sent during the login. (/api/auth/user/login)

clientId:  pacman2_api_client
password: pacman
username: [email protected]

I don't see any reference of clientId pacman2_api_client in any of the oauth tables. Is the clientId mapped in your JS at the UI.

from pacbot.

Though I have destroyed the setup, I do remember the table oauth_client_details contained all the required entries as shown above by ramamoob. I strongly feel the clientId is mapped in your JS and that is not getting called properly.

from pacbot.

i just had a similar issue
I reproduced by having a working environment, destroying and re-building it.

I was getting a 502 Bad Gateway when calling the auth service
I checked the api and it was calling the correct alb address.
I looked into the Cloudwatch logs for the auth service and noticed this line

2018-10-28 14:52:01.208 INFO 40 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at: http://pacman-alb-apijobs-237502625.us-east-1.elb.amazonaws.com/api/config

java.lang.IllegalStateException: Could not locate PropertySource and the fail fast property is set, failing

And then i looked into the Config Service Cloud watch and noticed this
Fatal error: An error occurred (404) when calling the HeadObject operation: Key "config.jar" does not exist

I think there are some cases on a redeploy where the services do not fully deploy, and for me i have had to destroy and recreate in order to fix.

from pacbot.

We have added it as feature request and will be rolling out it on upcoming releases.

from pacbot.

FAQ available for adding a new user
https://github.com/tmobile/pacbot/wiki/FAQS#how-can-i-add-a-new-user-

from pacbot.

Why the issue is closed ?
What's the solutions for this Issue #20 ?
I have been trying to install the Pacbot and the whole infrastructure deployed without any failures but when trying to login it shows authentication failed ?

from pacbot.

did you followed steps mentioned here.
https://github.com/tmobile/pacbot/wiki/FAQS#how-can-i-add-a-new-user-

from pacbot.

Yes, I have followed the above steps:

still not able to login

from pacbot.