Support Questions

kkanchu · ‎05-22-2017

I am trying to deploy a cluster using Cloudbreak. While, bringing up the CBD and trying to login to the cloudbreak UI, I am getting the error "Incorrect email/password or account is disabled."

The logs from cbd during the time when I tried to login are as below

identity_1     | [2017-05-22 21:57:42.960] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Attempting chained authentication of org.springframework.security.authentication.UsernamePasswordAuthenticationToken@33b826f9: Principal: admin@example.com; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=172.17.0.1, clientId=sultans; Not granted any authorities with manager:org.cloudfoundry.identity.uaa.authentication.manager.CheckIdpEnabledAuthenticationManager@31c68309 required:null
identity_1     | [2017-05-22 21:57:42.962] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- AuthzAuthenticationManager: Processing authentication request for admin@example.com
identity_1     | [2017-05-22 21:57:43.105] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- AuthzAuthenticationManager: Password did not match for user admin@example.com
identity_1     | [2017-05-22 21:57:43.106] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] ....  INFO --- Audit: UserAuthenticationFailure ('admin@example.com'): principal=b8ac52a4-8c11-4bae-8063-421e9e73d380, origin=[remoteAddress=172.17.0.1, clientId=sultans], identityZoneId=[uaa]
identity_1     | [2017-05-22 21:57:43.110] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] ....  INFO --- Audit: PrincipalAuthenticationFailure ('null'): principal=admin@example.com, origin=[172.17.0.1], identityZoneId=[uaa]
identity_1     | [2017-05-22 21:57:43.112] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Chained authentication exception:Bad credentials at:org.cloudfoundry.identity.uaa.authentication.manager.AuthzAuthenticationManager.authenticate(AuthzAuthenticationManager.java:137)
identity_1     | [2017-05-22 21:57:43.112] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Chained Authentication status of org.springframework.security.authentication.UsernamePasswordAuthenticationToken@33b826f9: Principal: admin@example.com; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=172.17.0.1, clientId=sultans; Not granted any authorities with manager:org.cloudfoundry.identity.uaa.authentication.manager.ChainedAuthenticationManager$AuthenticationManagerConfiguration@2e5cfbef; Authenticated:false

I observe that in the logs there credential mismatch issue that is being reported. However, the credentials that I am using are verified from the files,

1. Profile
2. /home/cloudbreak/.hdc/config
3. uaa.yml

I used the cloudbreak deployer from Amazon AMI,

AMI ID - cloudbreak-deployer-130-2016-06-15 (ami-019b5c6c)

and updated to Cloudbreak 1.14.4 using the instructions provided here,

http://sequenceiq.com/cloudbreak-docs/latest/update/#update-cloudbreak-deployer

Some useful INFO:

1. cbd doctor:

 cbd doctor
===> Deployer doctor: Checks your environment, and reports a diagnose.
uname: Linux ip-10-144-186-250 4.4.8-20.46.amzn1.x86_64 #1 SMP Wed Apr 27 19:28:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
local version:1.14.4
latest release:1.14.4
docker images:
 hortonworks/haveged:1.1.0
 hortonworks/socat:1.0.0
 hortonworks/cloudbreak-uaa-db:v3.6.0
 hortonworks/cloudbreak-uaa:3.6.0
 hortonworks/cloudbreak-server-db:1.2.0
 hortonworks/cloudbreak:1.14.4
 hortonworks/cloudbreak-auth:1.14.4
 hortonworks/cloudbreak-web:1.14.4
 hortonworks/cloudbreak-autoscale-db:1.2.0
 hortonworks/cloudbreak-autoscale:1.14.4
docker command exists: OK
docker client version: 1.12.6
docker client version: 1.12.6
ping 8.8.8.8 on host: OK
ping github.com on host: OK
ping 8.8.8.8 in container: OK
ping github.com in container: OK

2. cbd ps:

                  Name                                       Command                                      State                                       Ports
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
cbreak_cbdb_1                               /start postgres                             Up                                          172.17.0.1:5432->5432/tcp
cbreak_cloudbreak_1                         /start_cloudbreak_app.sh bash               Up                                          0.0.0.0:8080->8080/tcp
cbreak_consul_1                             /bin/consul agent -server  ...              Up                                          8300/tcp, 8301/tcp, 8301/udp, 8302/tcp,
                                                                                                                                    8302/udp, 0.0.0.0:8400->8400/tcp,
                                                                                                                                    0.0.0.0:8500->8500/tcp, 8600/tcp,
                                                                                                                                    172.17.0.1:53->8600/udp
cbreak_haveged_1                            haveged -F                                  Up
cbreak_identity_1                           /tmp/run.sh                                 Up                                          0.0.0.0:8089->8080/tcp
cbreak_logsink_1                            socat -u TCP-LISTEN:3333,r ...              Up                                          0.0.0.0:32773->3333/tcp
cbreak_logspout_1                           /bin/sh -c sleep 1; ROUTE_ ...              Up                                          0.0.0.0:8000->80/tcp
cbreak_mail_1                               /bin/sh -c /opt/install.sh ...              Up                                          172.17.0.1:25->25/tcp
cbreak_pcdb_1                               /start postgres                             Up                                          172.17.0.1:5433->5432/tcp
cbreak_periscope_1                          /start_periscope_app.sh                     Up                                          0.0.0.0:8085->8080/tcp
cbreak_registrator_1                        /bin/registrator consul:// ...              Up
cbreak_sultans_1                            /sultans/start-docker.sh                    Up                                          0.0.0.0:3001->3000/tcp, 3001/tcp
cbreak_traefik_1                            /traefik --debug --web --d ...              Up                                          0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp,
                                                                                                                                    0.0.0.0:8081->8080/tcp
cbreak_uaadb_1                              /start postgres                             Up                                          172.17.0.1:5434->5432/tcp
cbreak_uluwatu_1                            /uluwatu/start-docker.sh                    Up                                          0.0.0.0:3000->3000/tcp

I also tried to sign up using my personal email id with a password of my own. However, I did not see any confirmation being sent ( to my email account ) as cloudbreak mentioned. Is there a possibility to add new users using "sign up" feature in Cloudbreak UI.

Thank you,

Krishna

rdoktorics · ‎05-23-2017

Hi @kkanchu

Could you please provide some info how did you define the default username and password in your Profile file?

You can also add default user by 'cbd util add-default-user'

Br,

R

kkanchu · ‎05-23-2017

Hi @rdoktorics

export PUBLIC_IP=<IP.add.res.ss>

export UAA_DEFAULT_SECRET='<password>'

export UAA_DEFAULT_USER_PW='<password>'

Where '<password>' is something like 'badbad'

So, while entering the credentials, it is like,

username: admin@example.com

password: badbad

I also checked uaa.yml and '/home/cloudbreak/.hdc/config' which has same credentials.

-Krishna

rdoktorics · ‎05-24-2017

If you have data in your database then use:

export UAA_DEFAULT_SECRET=cbsecret2015

in your Profile.

Because the older versions on Cloudbreak used that by default.

The second what you can do is if you dont have any data in your db then drop the database with:

cbd kill
cbd delete
cbd generate
cbd start

Br,

R

kkanchu · ‎05-24-2017

@rdoktorics I do have the property UAA_DEFAULT_SECRET mentioned in the Profile. Even after multiple restarts, it did not mitigate the issue. However, since it was a trial cluster that I was playing around with, I tried to follow the second way that you mentioned. Incidentally, that (second method) was mentioned by @fschneider this morning which helped me get pass the issue. Also, it was told that this process can lead to loss of configuration data which has to be followed with caution.

schferenc · ‎05-24-2017

@kkanchu

Why do you use the AMI ID - cloudbreak-deployer-130-2016-06-15(ami-019b5c6c) image?

There are images with the new version of cloudbreak-deployer: http://sequenceiq.com/cloudbreak-docs/latest/aws/#cloudbreak-deployer-aws-image-details

kkanchu · ‎05-24-2017

@fschneider There was no specific reason. In fact, I searched in for CBD AMI in AWS and I picked the latest date that was mentioned in the image name. Yes, I missed the latest images that were mentioned in the documentation

Support Questions

Cloudbreak UI "Incorrect email/password or account is disabled."