search

allegroai / clearml

ClearML - Auto-Magical CI/CD to streamline your AI workload. Experiment Management, Data Management, Pipeline, Orchestration, Scheduling & Serving in one MLOps/LLMOps solution
https://clear.ml/docs
Apache License 2.0
5.42k stars 643 forks source link

Fixed users in `apiserver.conf` receiving `401` (Unauthorized) #1262

Closed ruipimentel closed 1 month ago

ruipimentel commented 1 month ago

Describe the bug

When trying to log in to a self hosted ClearML server with a user specified in the documentation, I kept receiving HTTP error 401 (Unauthorized).

I could only get the new users to work after a full reinstall (following this page until step 11) and creating /opt/clearml/config/apiserver.conf with hashed passwords BETWEEN steps 11 and 12, that is, before docker-compose -f /opt/clearml/docker-compose.yml up -d.

To reproduce

  1. Begin by following the server installation page, as recommended by this page.
  2. Proceed to the (next recommended page)[https://clear.ml/docs/latest/docs/deploying_clearml/clearml_server_config#using-hashed-passwords] to set up some hashed passwords in /opt/clearml/config/apiserver.conf (e.g., jane with password 123456). Don't forget to restart ClearML server.
  3. Run tail -f /opt/clearml/logs/apiserver.log to monitor when the server is done re-initializing, and to check whether the users are successfully created.
  4. Proceed to http://localhost:8080 on your web browser.
  5. Press F12 and activate the Network tab in Developer Tools.
  6. Try to sign in with one of the new credentials. In my case, I've got error "Unauthorized (invalid credentials) (failed to locate provided credentials)". 6.1 This can also be tested using curl -u jane:123456 http://localhost:8008/auth.login
  7. Once I was able to successfully set up user jane with password 123456 while tweaking users and passwords from step 2, then repeating steps 3 to 6. But it was only temporary, and after the next tweak, even jane couldn't log in anymore.

Expected behaviour

In my opinion, ClearML server should successfully accept a new password after restarting with new settings in apiserver.conf. While it does seem to TRY to do that, apparently it fails unless installation is fresh.

Environment

ainoam commented 1 month ago

@ruipimentel Sounds like the same issue discussed in #1257, and also in clearml-server/#240.

clearml-server v1.15.1 should address this.

ruipimentel commented 1 month ago

Indeed! I'm sorry, the keywords I used to search for existing issues totally missed this one.

Looking forward to the fix.

Thank you!