search

TencentBlueKing / legacy-bk-paas

蓝鲸智云PaaS平台(BlueKing PaaS)
https://bk.tencent.com
Other
874 stars 373 forks source link

本地启动login组件后访问报错 #888

Closed Ary0075 closed 2 years ago

Ary0075 commented 2 years ago

BUG反馈还是需求提交(Is this a BUG REPORT or FEATURE REQUEST)? (choose one):

BUG反馈

PaaS/PaaSAgent版本(The versions used):

发生了什么(What happened):

我尝试按照文档 蓝鲸登录接入企业内部登录 对login模块进行本地开发,启动后访问报错 image

期望是什么(What you expected to happen):

正常访问登陆页面

如何复现(How to reproduce it):

  1. clone代码,切换至tag:2.12.25 ,将bk-PaaS/paas2/login拷贝至login目录,将工作目录切换至login目录
  2. 注释./requirements.txt中第8行(uWSGI相关)
  3. 运行pip install -r ./requirements.txt下载依赖
  4. 运行python manage.py migrate初始化数据库
  5. 修改./conf/settings_development.py中的数据库配置
  6. 运行python manage.py runserver dev.paas.open.bking.com:8000启动
  7. 访问http://dev.paas.open.bking.com:8000/ (已修改hosts)

./requirements.txt

django==1.8.19
django-braces==1.13.0
dj-static==0.0.6
pycrypto==2.6.1
requests==2.21.0
pymysql==0.6.7
gunicorn==19.9.0
# uWSGI==2.0.13.1
xlrd==1.0.0
xlwt==1.1.2
gevent==1.1.2
pytz==2016.6.1
python-dateutil==2.6.0
django_oauth_toolkit==0.12.0
django-decorator-include==1.3
cachetools==3.1.1

# for config
django-environ==0.4.5
# prometheus metrics
django-prometheus==1.0.15

./conf/settings_development.py

# -*- coding: utf-8 -*-
"""
Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS
Community Edition) available.
Copyright (C) 2017-2018 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""

"""
开发环境配置
"""

DEBUG = True

# use the static root 'static' in production envs
if not DEBUG:
    STATIC_ROOT = "static"

SITE_URL = "/"

# 数据库配置信息
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.mysql",  # 默认用mysql
        "NAME": "open_paas",
        "USER": "root",
        "PASSWORD": "myrootpassword",
        "HOST": "10.167.168.xxx",
        "PORT": "3306",
    }
}

# domain
PAAS_DOMAIN = "dev.paas.open.bking.com:8000"
# inner domain, use consul domain,  for api
PAAS_INNER_DOMAIN = ""
HTTP_SCHEMA = "http"

# cookie访问域
BK_COOKIE_DOMAIN = ".bking.com"

# 初始化用户名、密码
USERNAME = "admin"
PASSWORD = "admin"

# 用户管理内部接口地址
BK_USERMGR_HOST = ""

# ESB Token
ESB_TOKEN = ""

CERTIFICATE_DIR = "/"
CERTIFICATE_SERVER_DOMAIN = "127.0.0.1"

相关的日志详情(访问日志及应用日志: paas.log/login.log/esb.log/esb_api.log)和截图等(Log & Screenshot):

Traceback (most recent call last):
  File "C:\Python27\lib\wsgiref\handlers.py", line 85, in run
    self.result = application(self.environ, self.start_response)
  File "C:\Python27\lib\site-packages\django\contrib\staticfiles\handlers.py", line 63, in __call__
    return self.application(environ, start_response)
  File "C:\Python27\lib\site-packages\dj_static.py", line 83, in __call__
    return self.application(environ, start_response)
  File "C:\Python27\lib\site-packages\django\core\handlers\wsgi.py", line 177, in __call__
    signals.request_started.send(sender=self.__class__, environ=environ)
  File "C:\Python27\lib\site-packages\django\dispatch\dispatcher.py", line 189, in send
    response = receiver(signal=self, sender=sender, **named)
  File "C:\Python27\lib\site-packages\django\db\__init__.py", line 64, in close_old_connections
    conn.close_if_unusable_or_obsolete()
  File "C:\Python27\lib\site-packages\django\db\backends\base\base.py", line 403, in close_if_unusable_or_obsolete
    self.close()
  File "C:\Python27\lib\site-packages\django\db\backends\base\base.py", line 191, in close
    self.validate_thread_sharing()
  File "C:\Python27\lib\site-packages\django\db\backends\base\base.py", line 421, in validate_thread_sharing
    % (self.alias, self._thread_ident, thread.get_ident()))
DatabaseError: DatabaseWrapper objects created in a thread can only be used in that same thread. The object with alias 'default' was created in thread id 3880 and this is thread id 98695432.
[22/Apr/2022 10:10:43] "GET /favicon.ico HTTP/1.1" 500 59

备注(Anything else we need to know):

./wsgi.py文件第17行由

由
monkey.patch_all()
修改为(或直接注释掉)
monkey.patch_all(thread=False)

后不再报错,但是所有请求被重定向,页面样式混乱 image

[22/Apr/2022 11:01:02] "GET / HTTP/1.1" 200 26018
[22/Apr/2022 11:01:02] "GET /static/css/bk.min.css HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/assets/bk-icon-2.0/iconfont.css HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /jsi18n/i18n/ HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/css/login.min.css?v=0.2.3 HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/assets/jquery-1.10.2.min.js HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/js/login.min.js?v=0.2.3 HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/css/bk.min.css HTTP/1.1" 404 4012
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/assets/bk-icon-2.0/iconfont.css HTTP/1.1" 404 4029
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/img/logo/btn_cn.png HTTP/1.1" 404 4017
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/jsi18n/i18n/ HTTP/1.1" 404 4003
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/css/login.min.css%3Fv%3D0.2.3 HTTP/1.1" 404 4027
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/assets/jquery-1.10.2.min.js HTTP/1.1" 404 4025
[22/Apr/2022 11:01:02] "GET /static/img/logo/logo_cn.svg HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/img/logo/btn_cn.png HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/js/login.min.js%3Fv%3D0.2.3 HTTP/1.1" 404 4025
[22/Apr/2022 11:01:02] "GET /static/img/logo/logo_cn.svg HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /static/img/logo/btn_cn.png HTTP/1.1" 302 0
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/img/logo/logo_cn.svg HTTP/1.1" 404 4018
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/img/logo/btn_cn.png HTTP/1.1" 404 4017
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/img/logo/logo_cn.svg HTTP/1.1" 404 4018
[22/Apr/2022 11:01:02] "GET /login/?c_url=/login/static/img/logo/btn_cn.png HTTP/1.1" 404 4017

其他版本测试

希望得到的帮助

  1. 排查的思路、方向
  2. 相关文档
  3. 相关的配置或代码
wklken commented 2 years ago

注解掉 wsgi.py 中的 (本地用python manange.py运行会报错, 这里的配置是给服务器uwsgi或gunicorn启动准备的)

https://github.com/Tencent/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/wsgi.py#L14-L17

Ary0075 commented 2 years ago

注解掉 wsgi.py 中的 (本地用python manange.py运行会报错, 这里的配置是给服务器uwsgi或gunicorn启动准备的)

https://github.com/Tencent/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/wsgi.py#L14-L17

嗯,我试过注释掉这部分,效果和加thread=False是一样的,访问主页的资源都302了

wklken commented 2 years ago

https://github.com/wklken/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/bkauth/middlewares.py#L59

https://github.com/wklken/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/bkauth/middlewares.py#L93

本地开发, 这两个地方改成:

 if full_path.startswith(settings.STATIC_URL) or full_path == "/robots.txt" or "/static/" in full_path:
Ary0075 commented 2 years ago

厉害!页面可以正常显示了,但是页面上还有一些问题:

  1. 提示企业证书校验无效,请联系系统管理员处理

  2. 无法输入用户名和密码 image

  3. 点击部分按钮会404,如忘记密码、切换中英文,错误页面显示的Request URL比实际请求的地址多了一段/login image

image

关于第3点我做了以下尝试:

https://github.com/wklken/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/bkauth/middlewares.py#L63 https://github.com/wklken/bk-PaaS/blob/f44f7ab89053815784a665f8801dd12457eaef74/paas2/login/bkauth/middlewares.py#L97-102

将这两个地方替换成

        if full_path.startswith(settings.STATIC_URL) or full_path == "/robots.txt" or "/static/" in full_path:
        if full_path in [
            settings.SITE_URL + "i18n/setlang/",
            "/i18n/setlang/",
            settings.SITE_URL + "jsi18n/i18n/",
            "/jsi18n/i18n/",
        ] or "/i18n/setlang/" in full_path or "jsi18n/i18n/" in full_path:

切换中英文的功能可以正常运行了,但是忘记密码还是不可用

我的疑问

  1. 如何解决无法输入用户名密码的问题
  2. Request URL为什么会多一段/login
wklken commented 2 years ago
  1. 线上环境, 登录服务的访问地址是 http://{}/login/, nginx做的反向代理, 本地开发不是子路径的方式(默认SITE_URL是/login/, 可以看下本地开发配置文件的配置https://github.com/Tencent/bk-PaaS/blob/develop/paas2/login/conf/settings_development.py#L23
  2. 本地没有证书服务, 证书校验逻辑直接返回True, 代码位置 https://github.com/Tencent/bk-PaaS/blob/develop/paas2/login/common/license.py#L90
Ary0075 commented 2 years ago

完美解决!感谢!

wklken commented 2 years ago

ok, close