search

irods-contrib / irods-cloud-browser

DFC Web Based cloud browser
BSD 2-Clause "Simplified" License
19 stars 13 forks source link

iRODS-CLoud login issue #201

Closed vahenr closed 7 years ago

vahenr commented 7 years ago

Dear all,

I installed iRODS on a Ubuntu 14.04 server, it is running without any problem, the server has DNS name, I set a user and password for iRODS. Then I deployed the .war file on Tomcat7, it is ok I opened a web-interface and entered all required data, but when I am trying to login this is what I am getting: Authentication error please, check host, port and login information.

Could you please tell me what I am missing and help me to solve the issue.

Thank you very much in advance.

vahenr commented 7 years ago

One thing to add, that I only deployed the .war file, do I need to install more components ?

burnce commented 7 years ago

Hi Vahenr,

I find it useful to check the iRODS server's rodsLog in such cases.

The deployment process has changed a bit recently and I have not kept up myself. Look at the install.md for the version you have installed (at the repo root or in docs depending on version).

It may also be useful to create an '/etc/irods-ext/irods-cloud-backend-config.groovy' file to reduce the amount of input needed during your debugging.

Hope this helps,

Burnce

vahenr commented 7 years ago

Hi Burnce, Thanks for your reply. the version is 1.0.2.0-beta2 I will try to check the log file.

vahenr commented 7 years ago

Unfortunately there is no log with today date. irods status gives: irodsServer : Process 1333 Process 1334 irodsReServer : Process 1336

burnce commented 7 years ago

By default, the logs cycle every five days. Look at the most recent date.

If you see no lines written when you attempt to log in, the issue is with the setup of the cloud-browser or with the connectivity.

vahenr commented 7 years ago

Ok here is the error in log:

May 17 12:37:15 pid:15541 remote addresses: ip ERROR: sslInit: couldn't read certificate chain file. SSL error: error:02001002:system library:fopen:No such file or directory
May 17 12:37:15 pid:15541 remote addresses: ip ERROR: sslInit: couldn't read certificate chain file. SSL error: error:20074002:BIO routines:FILE_CTRL:system lib
May 17 12:37:15 pid:15541 remote addresses: ip ERROR: sslInit: couldn't read certificate chain file. SSL error: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
May 17 12:37:15 pid:15541 remote addresses: ip ERROR: [-]   /home/irodsbuild/irods/server/core/src/rodsAgent.cpp:594:int runIrodsAgent(sockaddr_un) :  status [SSL_INIT_ERROR]  errno [] -- message []
    [-] /home/irodsbuild/irods/lib/core/src/sockComm.cpp:132:irods::error sockAgentStart(irods::network_object_ptr) :  status [SSL_INIT_ERROR]  errno [] -- message [failed to call 'agent start']
        [-] /home/irodsbuild/irods/plugins/network/ssl/libssl.cpp:820:irods::error ssl_agent_start(irods::plugin_context &) :  status [SSL_INIT_ERROR]  errno [] -- message [couldn't initialize SSL context]

May 17 12:37:15 pid:1334  ERROR: Agent process [15541] exited with status [16]
vahenr commented 7 years ago

Just now I am not using any SSL certificate on the server.

vahenr commented 7 years ago

How can I disable SSL check for this time ? later I can enable it when I am going to use SSL cert.

burnce commented 7 years ago

If you are using PAM authentication, SSL is mandatory. Otherwise, you will need to set the SSL configuration of the server and of the cloud-browser agree not to use ssl. Server side: In the docs look for irods_client_server_negotiation Client side: In version 1.0.1, I have a setting in my /etc/irods-ext/irods-cloud-backend-config.groovy

vahenr commented 7 years ago

No I am using standard authentication mode, password access. One more thing to add, my installation is on a single server (for now I am testing the entire package)

vahenr commented 7 years ago

In irods_environment.json I have:

    "irods_client_server_negotiation": "request_server_negotiation",
    "irods_client_server_policy": "CS_NEG_REFUSE",
    "irods_cwd": "/path",
    "irods_default_hash_scheme": "SHA256",
    "irods_default_number_of_transfer_threads": 4,
    "irods_default_resource": "demoResc",
    "irods_encryption_algorithm": "AES-256-CBC",
    "irods_encryption_key_size": 32,
    "irods_encryption_num_hash_rounds": 16,
    "irods_encryption_salt_size": 8,
    "irods_home": "path",
    "irods_host": "hostname",
    "irods_match_hash_policy": "compatible",
    "irods_maximum_size_for_single_buffer_in_megabytes": 32,
    "irods_port": 1247,
    "irods_server_control_plane_encryption_algorithm": "AES-256-CBC",
    "irods_server_control_plane_encryption_num_hash_rounds": 16,
    "irods_server_control_plane_key": "key",
    "irods_server_control_plane_port": 1248,
    "irods_transfer_buffer_size_for_parallel_transfer_in_megabytes": 4,
    "irods_user_name": "username",
    "irods_zone_name": "zonename",
burnce commented 7 years ago

Since you already have irods_client_server_policy set to "CS_NEG_REFUSE" in your ~/.irods/irods_environment.json, the server should not request/allow SSL. If it is still not working, I will have to defer to more knowledgeable people.

Good luck

trel commented 7 years ago

The other setting that matters here is the equivalent setting in the cloud browser configuration

https://github.com/DICE-UNC/irods-cloud-browser/blob/master/Docs/ssl.md#set-up-the-ssl-negotiation-properties

In /etc/irods-ext/irods-cloud-backend-config.groovy set to REFUSE also:

beconf.negotiation.policy='CS_NEG_REFUSE'

Note this is a change from the default setting in https://github.com/DICE-UNC/irods-cloud-browser/blob/master/irods-cloud-backend-config.groovy

vahenr commented 7 years ago

Hi trel, Thanks a lot for your reply.

Do I need to create this file (irods-cloud-backend-config.groovy)? because I don't have it. I installed iRods and its components using apt-get.

Thank you in advance.

vahenr commented 7 years ago

And for the cloud browser I downloaded the war file and deployed it on Tomcat server I have only the following directories on the server: /var/lib/tomcat7/webapps/irods-cloud-backend With this content: actions_pop_up.html components images metadata app.css css index-async.html META-INF app.js dashboard index.html profile assets edit info_actions_pop_up.html search bower_components header.html js side_nav.html codemirror home login WEB-INF

From the web browser: http://IP:8080/irods-cloud-backend/#/login

Do I missing something ?

burnce commented 7 years ago

Yes, you need to create the file. It is described in this section of the installation instructions.

burnce commented 7 years ago

These instructions look more up to date: https://github.com/DICE-UNC/irods-cloud-browser/blob/master/Docs/install.md#optionally-configure-browser-presets---locking-the-site-down-to-just-one-zone

vahenr commented 7 years ago

I created the directory irods-ext in /etc/ and put the mentioned file in it: irods-cloud-backend-config.groovy the permission of the directory and its content: tomcat7:tomcat7 Now the login page only contains Username and password without any more fields but the same error in the log

vahenr commented 7 years ago

Dear Brunce, Thank you very much indeed, I put more line in the file beconf.negotiation.policy='CS_NEG_REFUSE' and it worked.

Thank you once again

burnce commented 7 years ago

The simpler login page is normal. The other fields are defined in the file. Did you set all the values with your configuration and set beconf.negotiation.policy? If so check the iRODS logs again.