search

isard-vdi / isard

Isard VDI. Open Source KVM Virtual Desktops based on KVM Linux and dockers. Please use https://gitlab.com/isard/isardvdi
http://www.isardvdi.com
GNU Affero General Public License v3.0
188 stars 57 forks source link

On a clean install the login screen is frozen #423

Closed crazynds closed 1 year ago

crazynds commented 1 year ago

After doing an installation from scratch following the steps making the (clone and running the build)[https://isardvdi.com/#get-started] after uploading the web server is frozen on this screen: image Nothing happens and nothing appears even after many hours. Refresh the page anyway. The only thing different that was done was to change the domain from localhost to the domain being displayed.

NefixEstrada commented 1 year ago

Hello! Can you please send the browser console logs and your isardvdi.cfg? Thanks! :)

crazynds commented 1 year ago

image

# Isard main config v2.2.1

# ------ Docker Compose ------------------------------------------------------

## This configuration should generate docker-compose file for the following
## flavour
## Values: (first value is the default one)
##  - all-in-one: all services except toolbox in one docker-compose file
##  - hypervisor: hypervisor and related service to access to their desktops
##  - hypervisor-standalone: hypervisor without related services
##  - video-standalone: services to access to desktops
##  - toolbox: service to manage desktops disks
##  - toolbox-base: base image for toolbox, just to improve CI/CD build
##  - web: services to manage desktops
##  - monitor: monitoring only host (grafana/loki/influxdb)
##  - backupninja: standalone backups
#FLAVOUR=all-in-one

## This configuration should generate docker-compose file for the following
## usage
## Values: (first value is the default one)
##  - production: docker-compose file without build section
##      ready to pull and up
##      (see also: https://github.com/docker/compose/issues/7873)
##  - test: like production with docker services to run tests
##  - build: like test with build section
##  - devel: like build and host source code are mounted into docker volumes
#USAGE=production

## Should stats service will be included
## Values: (first value is the default one)
##  - true: add stats service
##  - false: doesn't add stats sercice
#ENABLE_STATS=true

# ------ Domain --------------------------------------------------------------
## This server main public domain/ip.
## NOTE: In infrastructure hypervisors should be the reacheable ip/dns from 
##       isard-engine
DOMAIN=isardvdi.nextline.com.br

# ------ Admin password ------------------------------------------------------
## Initial WEB admin user password. Used also in grafana, influxdb
## and authenticated backend paths (/debug/...)
WEBAPP_ADMIN_PWD=IsardVDI

# ------ Frontend Administration Button --------------------------------------
## Will show/hide Administration menu button for users of role User.
#FRONTEND_SHOW_ADMIN_BTN=True

# ------ Frontend Bookings ---------------------------------------------------
## Will show/hide Resource bookings menu.
#FRONTEND_SHOW_BOOKINGS=False

# ------ Frontend Documentation URI ---------------------------------------------------
## Documentation URI where the user will be redirected.
FRONTEND_DOCS_URI=https://isard.gitlab.io/isardvdi-docs/

# ------ Secrets -------------------------------------------------------------
## Generate your own SECRETS!
## openssl rand -base64 32
WEBAPP_SESSION_SECRET=xq0Z3MP5ujxrQxtMGxgPiijH9xpuxkyP04R6At/V+g4=
API_ISARDVDI_SECRET=kpWpdF0NtI2XCEfzMp36hdSV9S42E7axS8D5TvP9c0A=
INFLUXDB_ADMIN_TOKEN_SECRET=9eFW/Qi29hL3hFGUP8wIGH89XKCH8s1k0il44GCRF2g=
API_HYPERVISORS_SECRET=B5/bUEUzIC+AjNQRmFh3vxR3VeIKirwdeL/xuHPVO+E=

# ------ Letsencrypt certificate ---------------------------------------------
## You can use your own certificates if you concatenate into 
## /opt/isard/certs/default/chain.pem
## You can let isard generate autosigned certs (not recommended as
## html5 viewers will not work.
## Or you can let isard generate letsencrypt certs for your domain.
## For this option to work be sure the DOMAIN points to this IP.
## To avoid using letsencrypt let this variable commented.
## The email will be used by letsencrypt to notify you expirations
## although the renovation will be automatic.
#LETSENCRYPT_EMAIL=

# ------ Authentication ------------------------------------------------------

## Local
### Local authentication against isard database
#AUTHENTICATION_AUTHENTICATION_LOCAL_ENABLED=true

## LDAP
#AUTHENTICATION_AUTHENTICATION_LDAP_ENABLED=false
#AUTHENTICATION_AUTHENTICATION_LDAP_PROTOCOL=ldap
#AUTHENTICATION_AUTHENTICATION_LDAP_HOST=
#AUTHENTICATION_AUTHENTICATION_LDAP_PORT=389

### Credentials used for querying the LDAP
#AUTHENTICATION_AUTHENTICATION_LDAP_BIND_DN=
#AUTHENTICATION_AUTHENTICATION_LDAP_PASSWORD=

### Base Search is the DN that all the users share, e.g. ou=people,dc=example,dc=com
#AUTHENTICATION_AUTHENTICATION_LDAP_BASE_SEARCH=
### Filter is the actual filter used to search users. The '%s' represents the user that is sent through the form
### More information: https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
#AUTHENTICATION_AUTHENTICATION_LDAP_FILTER="(&(objectClass=person)(uid=%s))"

### These are the fields that the LDAP search responds. For example, in some installations, the field for the email is called 'mail'
### Then, a regex is applied to this field, in case we needed to filter inside a LDAP field. By default it collects the whole field. The 
### regex match tries to extract the first group, but if there's no group it will extract the whole match
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_UID=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_UID=.*
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_USERNAME=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_USERNAME=.*
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_NAME=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_NAME=.*
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_EMAIL=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_EMAIL=.*
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_PHOTO=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_PHOTO=.*

### Auto Register the existing ldap users into IsardVDI
#AUTHENTICATION_AUTHENTICATION_LDAP_AUTO_REGISTER=false
### Try guessing the category based in the LDAP search results (must have AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_CATEGORY configured)
#AUTHENTICATION_AUTHENTICATION_LDAP_GUESS_CATEGORY=false
### These are the fields that the LDAP search responds. For example, in some installations, the field for the group is called 'group'
### Then, a regex is applied to this field, in case we needed to filter inside a LDAP field. By default it collects the whole field. The 
### regex match tries to extract the first group, but if there's no group it will extract the whole match
#AUTHENTICATION_AUTHENTICATION_LDAP_FIELD_CATEGORY=
#AUTHENTICATION_AUTHENTICATION_LDAP_REGEX_CATEGORY=.*
### The base search for listing all the groups of a user
#AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_SEARCH=
### Filter is the actual filter used to search all the groups of a user. The '%s' represents the user that is sent through the form
### More information: https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
#AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_FILTER="(&(objectClass=posixGroup)(memberUid=%s))"
# If this field is set to true, use the full DN instead of the user that is sent through the form to search for the user groups
#AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_SEARCH_USE_DN=false
### The field that contains the group in the AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_FILTER search
#AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_SEARCH_FIELD=
#AUTHENTICATION_AUTHENTICATION_LDAP_GROUPS_SEARCH_REGEX=.*
### All the users that are in at least one of the groups specified here, will be created in the admin role (comma separated)
#AUTHENTICATION_AUTHENTICATION_LDAP_ROLE_ADMIN_GROUPS=
#AUTHENTICATION_AUTHENTICATION_LDAP_ROLE_MANAGER_GROUPS=
#AUTHENTICATION_AUTHENTICATION_LDAP_ROLE_ADVANCED_GROUPS=
#AUTHENTICATION_AUTHENTICATION_LDAP_ROLE_USER_GROUPS=
# This is the default role that users will have if they don't match in any of the previous groups.
# Values can be 'admin', 'manager', 'advanced', 'user'
#AUTHENTICATION_AUTHENTICATION_LDAP_ROLE_DEFAULT=user

## SAML
#AUTHENTICATION_AUTHENTICATION_SAML_ENABLED=false
#AUTHENTICATION_AUTHENTICATION_SAML_METADATA_URL=
## If the key and cert files don't exist, they will be self signed automatically
#AUTHENTICATION_AUTHENTICATION_SAML_KEY_FILE=/keys/isardvdi.key
#AUTHENTICATION_AUTHENTICATION_SAML_CERT_FILE=/keys/isardvdi.cert

### These are the fields that the SAML search responds. For example, in some installations, the field for the email is called 'mail'
### Then, a regex is applied to this field, in case we needed to filter inside a SAML field. By default it collects the whole field. The 
### regex match tries to extract the first group, but if there's no group it will extract the whole match
#AUTHENTICATION_AUTHENTICATION_SAML_FIELD_UID=
#AUTHENTICATION_AUTHENTICATION_SAML_REGEX_UID=.*
#AUTHENTICATION_AUTHENTICATION_SAML_FIELD_USERNAME=
#AUTHENTICATION_AUTHENTICATION_SAML_REGEX_USERNAME=.*
#AUTHENTICATION_AUTHENTICATION_SAML_FIELD_NAME=
#AUTHENTICATION_AUTHENTICATION_SAML_REGEX_NAME=.*
#AUTHENTICATION_AUTHENTICATION_SAML_FIELD_EMAIL=
#AUTHENTICATION_AUTHENTICATION_SAML_REGEX_EMAIL=.*
#AUTHENTICATION_AUTHENTICATION_SAML_FIELD_PHOTO=
#AUTHENTICATION_AUTHENTICATION_SAML_REGEX_PHOTO=.*

## Google
### Create your Google OAUTH credentials at https://console.developers.google.com/apis/credentials
### Authorized redirect URIs: https://domain.tld/authentication/callback
#AUTHENTICATION_AUTHENTICATION_GOOGLE_ENABLED=false
#AUTHENTICATION_AUTHENTICATION_GOOGLE_CLIENT_ID=id
#AUTHENTICATION_AUTHENTICATION_GOOGLE_CLIENT_SECRET=secret

# ------ Backups -------------------------------------------------------------

## Automated backups (https://0xacab.org/liberate/backupninja)
# If BACKUP_NFS_ENABLED is not enabled it will use this directory to create backups
# If BACKUP_NFS_ENABLED is enabled then this variable should be commented
#BACKUP_DIR=/opt/isard-local/backup

# If nfs enabled you need to set server and folder also
#BACKUP_NFS_ENABLED=false
#BACKUP_NFS_SERVER=172.16.0.10
#BACKUP_NFS_FOLDER=/remote/backupfolder

#BACKUP_DB_ENABLED=false
#BACKUP_DB_WHEN="everyday at 01"
#BACKUP_DB_PRUNE="--keep-weekly=8 --keep-monthly=12 --keep-within=14d --save-space"

#BACKUP_DISKS_ENABLED=false
#BACKUP_DISKS_WHEN="everyday at 01"
#BACKUP_DISKS_PRUNE="--keep-weekly=4 --keep-monthly=3 --keep-within=7d --save-space"
#BACKUP_DISKS_TEMPLATES_ENABLED=false
#BACKUP_DISKS_GROUPS_ENABLED=false
#BACKUP_DISKS_MEDIA_ENABLED=false

##################################################################
##################################################################
## DO NOT EDIT FROM HERE UNLESS YOU KNOW WHAT YOU ARE DOING !!! ##
##################################################################
##################################################################

# ------ Docker images prefix ------------------------------------------------
## Image prefix that could include registry and repository
DOCKER_IMAGE_PREFIX=registry.gitlab.com/isard/isardvdi/

# ------ Docker images tags --------------------------------------------------
## Image tag that could be tags or branches from the git repository
## Used for doing docker-compose pull
DOCKER_IMAGE_TAG=main

# ------ Logs ----------------------------------------------------------------
LOG_LEVEL=INFO

# ------ QCOW2 images --------------------------------------------------------
## Cluster size used when creating qcow2 disk images
#QCOW2_CLUSTER_SIZE=4k
## Enable use of extended l2 entries when creating qcow2 disk images
## Options: on / off
#QCOW2_EXTENDED_L2=off

# ------ GPUS --------------------------------------------------------------
## ----- NVIDIA
## New hypervisor: Engine will try to scan new hyper for NVIDIA GPUs and
##                 will also setup them.
#GPU_NVIDIA_SCAN=false

## Enabled existing hyper: Existing hyper will be scanned for NVIDIA GPUs
##                         when enabled (from disabled) at web interface.
#GPU_NVIDIA_RESCAN=false

##################################################################
## INFRASTRUCTURE PARAMETERS. Used on remote hypervisors        ##
##################################################################
## Remote hypervisors can be:
## docker-compose.hypervisor.yml: Will have an isard-video
## docker-compose.hypervisor-standalone.yml: Will get video on 
## the VIDEO_HYPERVISOR_PORTS from the VIDEO_DOMAIN isard-video host.

# ------ Hypervisor Identifier -----------------------------------------------
## Set it to a unique name for hypervisor
#HYPER_ID=isard-hypervisor
## Hypervisor can be disabled when entering system with false value
#HYPER_ENABLED=true

# ------ Hypervisor options ---------------------------------------------------
## ONLY_FORCED_HYP enables only_forced option to only get domains with
## forced_hyp. Values:
## - false (default): get any domain
## - true: only get domains with forced_hyp
#ONLY_FORCED_HYP=false

# ------ Database host -------------------------------------------------------
## Where is the database reacheable?
## Not needed for remote hypervisors, only to split main web install.
#RETHINKDB_HOST=isard-db
#RETHINKDB_PORT=28015
#RETHINKDB_DB=isard

# ------ Authentication host -------------------------------------------------

# Authentication host
## Where is isard-authentication reacheable from clients browser?
## Not needed for remote hypervisors, only to split main web install.
#AUTHENTICATION_AUTHENTICATION_HOST=$DOMAIN
#AUTHENTICATION_DB_HOST=isard-db

# ------ Api host ------------------------------------------------------------
## Where can this host reach the isard-api host?
## Need to be set for flavours:
##   - hypervisor
##   - hypervisor-standalone
#API_DOMAIN=isard-api

# ------ Static nginx host ----------------------------------------------------
## Where the clients browsers will load static when connecting to this host 
## html5 video?
## Need to be set for flavours:
##   - hypervisor
##   - hypervisor-standalone
#STATIC_DOMAIN=$DOMAIN

# ------ Vpn host ------------------------------------------------------------
## Where can this host reach the isard-vpn host?
## Need to be set for flavours:
##   - hypervisor
##   - hypervisor-standalone
#VPN_DOMAIN=isard-vpn

## The vpn mtu will allow for infrastructure connection (allow it in your
## switches)
## If using Internet to connect remote hypers this should be lowered.
## https://keremerkan.net/posts/wireguard-mtu-fixes/
## https://mail.openvswitch.org/pipermail/ovs-discuss/2018-June/046932.html
#VPN_MTU=1600

# ------ Video proxy host ----------------------------------------------------
## Where will the client browser reach isard-video to this host?
## Need to be set for flavours: 
##   - video-standalone (to generate letsencrypt certs)
##   - hypervisor (to generate letsencrypt certs and set up hyper in db)
##   - hypervisor-standalone ( to set up hyper in db)
#VIDEO_DOMAIN=$DOMAIN

# ------ Video external NAT ports --------------------------------------------
## Where the users browsers will connect to get the video stream for
## their guests started in this hypervisor? (outside NAT ports)
#VIEWER_SPICE=80
#VIEWER_BROWSER=443
#VIEWER_RDPGW=9999

# ------ Video proxy ACL -----------------------------------------------------
## Is this host hosting the isard-video for other hypervisor-standalone
## servers? Then allow here only the hostnames for those hypervisors as
## seen from this host with comma (,) delimiters:
#VIDEO_HYPERVISOR_HOSTNAMES=isard-hypervisor
#VIDEO_HYPERVISOR_PORTS=5900-6899

# ------ Docker networking ---------------------------------------------------
## Assign a docker /24 network. The host part will be set by system
## You should avoid setting a network that exists in your infrastructure
## or in isard configuration. Set only the /24 part!
#DOCKER_NET=172.31.255

# ------ Guests networking ---------------------------------------------------
## All the sub networks needed for infrastructure wireguard will
## fall within this sub networks
WG_MAIN_NET=10.0.0.0/14

## Users at home will get a unique /32 IP from this range.
## Set a network that will allow as many clients as you will have.
WG_USERS_NET=10.0.0.0/16

## UDP port for users at home to connect wireguard to this server.
WG_USERS_PORT=443

## Only in infrastructure this will be used by remote hypers to 
## send wireguard guests network to the main Isard. 
WG_HYPERS_NET=10.1.0.0/24

## UDP port for remote hypervisors to connect to this server.
WG_HYPERS_PORT=4443

## This is the main range to be used by wireguard interface in
## guests in your system. Will be subdivided in smaller ranges
## for each hypervisor.
WG_GUESTS_NETS=10.2.0.0/16

## 23: 512 GUESTS -2
## 24: 256 GUESTS -2
## Each hypervisor will get one subnet from WG_GUESTS_NETS
## Last network will be subdivided /29 to connect wireguard hyper
## clients (isard-vpnc) to the wireguard server (isard-vpn)
WG_GUESTS_DHCP_MASK=23
## This sets a reserved dhcp range if you want.
WG_GUESTS_RESERVED_HOSTS=20

# ------ Trunk port & vlans --------------------------------------------------
## Uncomment to map host interface name inside hypervisor container.
## If static vlans are commented then hypervisor will initiate an 
## auto-discovery process. The discovery process will last for 260
## seconds and this will delay the hypervisor from being available.
## So it is recommended to set also the static vlans.
## Note: It will create VlanXXX automatically on webapp. You need to
##       assign who is allowed to use this VlanXXX interfaces.
#HYPERVISOR_HOST_TRUNK_INTERFACE=

## This environment variable depends on previous one. When setting
## vlans number comma separated it will disable auto-discovery and
## fix this as forced vlans inside hypervisor.
#HYPERVISOR_STATIC_VLANS=

## NOTE: The interface name should not be changed from defaults.
##       Newer kernels use cgroups2 that doens't work. To get the
##       old cgroups add to /etc/default/grub:
##        GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0"
##       and update-grub, and reboot.

# ------ Override hosts in isard-portal haproxy ------------------------------
#WEBAPP_HOST=isard-webapp

##################################################################
## STATS PARAMETERS                                             ##
##################################################################

# ------ Grafana ------------------------------------------------------
#GRAFANA_HOST=isard-grafana

# ------ Prometheus -----------------------------------------------------
#PROMETHEUS_ADDRESS=http://isard-prometheus:9090

# ------ Stats -----------------------------------------------------
#STATS_DIRECTORY=/opt/isard/stats
#STATS_GLANCES_REFRESH=2
#STATS_GLANCES_DATA_RETENTION=2w

# ------ Loki -----------------------------------------------------
#LOKI_ADDRESS=http://isard-loki:3100

# ------ OCI Collector -----------------------------------------------------
#STATS_COLLECTORS_OCI_ENABLE=false
#TF_VAR_tenancy_ocid=
#TF_VAR_user_ocid=
#TF_VAR_fingerprint=
#TF_VAR_region=
#TF_VAR_private_key=
NefixEstrada commented 1 year ago

It seems that you don't have the default category created. Or you disabled it to appear in the advanced settings. I'd stop everything, remove the /opt/isard and /opt/isard-local directories and start it again. You may want to try accessing it through https://<domain>/login/default and see if there's any luck!

crazynds commented 1 year ago

OK, this resolve my problem.