lets-fiware / FIWARE-Big-Bang

The FIWARE Big Bang is a turnkey solution for setting up a FIWARE instance in the cloud.
https://fi-bb.letsfiware.jp/
MIT License
21 stars 7 forks

Unable to login to Grafana as GRAFANA_CLIENT_ID is not generated. #291

Closed suda-bemap closed 1 year ago

suda-bemap commented 1 year ago

Describe the bug

I added Grafana in config.sh and ran lets-fiware.sh. But ngsi returns an Internal Server Error when generating GRAFANA_CLIENT_ID. The error occurs when --openid is specified in the ngsi options. That's why I can't log in to Grafana.

/usr/local/bin/ngsi --batch --configDir /home/suda/FIWARE-Big-Bang-0.29.0/.work/ngsi-go applications --host keyrock-20230728_09-37-09 create --name Grafana --description 'Grafana application (fiware-test)' --url https://grafana.air-compass.info/ --redirectUri https://grafana.air-compass.info/login/generic_oauth --openid
applicationsCreate003 error 500 Internal Server Error {"error":{"message":"Internal error","code":500,"title":"Internal error"}}
GRAFANA_CLIENT_ID=
jq -r .application.secret
/usr/local/bin/ngsi --batch --configDir /home/suda/FIWARE-Big-Bang-0.29.0/.work/ngsi-go applications --host keyrock-20230728_09-37-09 get --aid ''
checkEmpty001 --aid: value is empty

Your system environment Run make collect in a directory where you ran the lets-fiware.sh script and paste the results here.

./config/script/collect.sh

Date: Fri Jul 28 10:25:06 UTC 2023
Version: 0.29.0
Hash: e98f36dbc64b99b4191438979635bbfa55935f7dd84a02490ca3032eebd36210  lets-fiware.sh
App list: KEYROCK ORION WIRECLOUD NGSIPROXY NODE_RED GRAFANA IOTAGENT_UL IOTAGENT_JSON IOTAGENT_HTTP MOSQUITTO
Install: completed
Docker containers:
make[1]: Entering directory '/home/suda/FIWARE-Big-Bang-0.29.0'
sudo ./setup/ps.sh
NAME                                   IMAGE                                COMMAND                  SERVICE             CREATED             STATUS                      PORTS
fiware-big-bang-0290-elasticsearch-1   elasticsearch:2.4                    "/docker-entrypoint.…"   elasticsearch       13 minutes ago      Up 13 minutes               9200/tcp, 9300/tcp
fiware-big-bang-0290-grafana-1         grafana/grafana:6.1.6                "/run.sh"                grafana             13 minutes ago      Up 13 minutes               3000/tcp
fiware-big-bang-0290-iotagent-json-1   telefonicaiot/iotagent-json:1.25.0   "docker-entrypoint.s…"   iotagent-json       13 minutes ago      Up 13 minutes (healthy)     4041/tcp, 7896/tcp
fiware-big-bang-0290-iotagent-ul-1     telefonicaiot/iotagent-ul:1.24.0     "docker-entrypoint.s…"   iotagent-ul         13 minutes ago      Up 13 minutes (healthy)     4061/tcp, 7896/tcp
fiware-big-bang-0290-keyrock-1         letsfiware/idm:8.1.0                 "docker-entrypoint.s…"   keyrock             13 minutes ago      Up 13 minutes (healthy)     3000/tcp
fiware-big-bang-0290-memcached-1       memcached:1                          "docker-entrypoint.s…"   memcached           13 minutes ago      Up 13 minutes               11211/tcp
fiware-big-bang-0290-mongo-1           mongo:4.4                            "docker-entrypoint.s…"   mongo               13 minutes ago      Up 13 minutes               27017/tcp
fiware-big-bang-0290-mosquitto-1       eclipse-mosquitto:1.6                "/docker-entrypoint.…"   mosquitto           13 minutes ago      Up 13 minutes               1883/tcp
fiware-big-bang-0290-mysql-1           mysql:5.7                            "docker-entrypoint.s…"   mysql               13 minutes ago      Up 13 minutes               3306/tcp, 33060/tcp
fiware-big-bang-0290-nginx-1           nginx:1.25                           "/docker-entrypoint.…"   nginx               13 minutes ago      Up 12 minutes               0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8883->8883/tcp, :::8883->8883/tcp
fiware-big-bang-0290-ngsiproxy-1       fiware/ngsiproxy:1.2.2               "docker/entrypoint.sh"   ngsiproxy           13 minutes ago      Up 13 minutes
fiware-big-bang-0290-node-red-1        letsfiware/node-red:0.29.0           "./entrypoint.sh"        node-red            13 minutes ago      Up 13 minutes (healthy)     1880/tcp
fiware-big-bang-0290-orion-1           telefonicaiot/fiware-orion:3.10.1    "sh -c 'rm /tmp/cont…"   orion               13 minutes ago      Up 13 minutes (healthy)     1026/tcp
fiware-big-bang-0290-postgres-1        postgres:15                          "docker-entrypoint.s…"   postgres            13 minutes ago      Up 13 minutes               5432/tcp
fiware-big-bang-0290-tokenproxy-1      letsfiware/tokenproxy:0.29.0         "docker-entrypoint.sh"   tokenproxy          13 minutes ago      Up 13 minutes               1029/tcp
fiware-big-bang-0290-wilma-1           letsfiware/pep-proxy:8.1.0           "docker-entrypoint.s…"   wilma               13 minutes ago      Up 13 minutes (unhealthy)   1027/tcp
fiware-big-bang-0290-wirecloud-1       fiware/wirecloud:1.3.1               "/docker-entrypoint.…"   wirecloud           13 minutes ago      Up 12 minutes (healthy)     8000/tcp
make[1]: Leaving directory '/home/suda/FIWARE-Big-Bang-0.29.0'
Keyrock:
{"keyrock":{"version":"8.1.0","release_date":"2021-07-22","uptime":"00:12:48.6","git_hash":"https://github.com/ging/fiware-idm/releases/tag/8.1.0","doc":"https://fiware-idm.readthedocs.io/en/8.1.0/","api":{"version":"v1","link":"https://keyrock.air-compass.info/v1"}}}

To Reproduce Steps to reproduce the behavior:

  1. Add grafana to config.sh GRAFANA=grafana
  2. Run lets-fiware.sh

Expected behavior Login to Grafana succeeds.

fisuda commented 1 year ago

I have not been able to reproduce this error. I was able to login to Grafana in my environment. The hash value of the letsfiware.sh file is different from the original one of 0.29.0. Please make a FIWARE instance again using the official release file.

ubuntu@big-bang:~/FIWARE-Big-Bang-0.29.0$ make collect
./config/script/collect.sh

Date: Fri Jul 28 20:29:16 JST 2023
Version: 0.29.0
Hash: caadc9a62cc834ba2e4f0123ae03b2e2d033acc5538e7cd12c6d4265b21c59a1  lets-fiware.sh
App list: KEYROCK ORION GRAFANA
Install: completed
Docker containers:
make[1]: Entering directory '/home/ubuntu/FIWARE-Big-Bang-0.29.0'
sudo ./setup/ps.sh
NAME                                IMAGE                               COMMAND                  SERVICE             CREATED             STATUS                     PORTS
fiware-big-bang-0290-grafana-1      grafana/grafana:6.1.6               "/run.sh"                grafana             4 minutes ago       Up 4 minutes               3000/tcp
fiware-big-bang-0290-keyrock-1      letsfiware/idm:8.1.0                "docker-entrypoint.s…"   keyrock             4 minutes ago       Up 4 minutes (healthy)     3000/tcp
fiware-big-bang-0290-mongo-1        mongo:4.4                           "docker-entrypoint.s…"   mongo               4 minutes ago       Up 4 minutes               27017/tcp
fiware-big-bang-0290-mysql-1        mysql:5.7                           "docker-entrypoint.s…"   mysql               4 minutes ago       Up 4 minutes               3306/tcp, 33060/tcp
fiware-big-bang-0290-nginx-1        nginx:1.25                          "/docker-entrypoint.…"   nginx               4 minutes ago       Up 4 minutes               0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
fiware-big-bang-0290-orion-1        telefonicaiot/fiware-orion:3.10.1   "sh -c 'rm /tmp/cont…"   orion               4 minutes ago       Up 4 minutes (healthy)     1026/tcp
fiware-big-bang-0290-tokenproxy-1   letsfiware/tokenproxy:0.29.0        "docker-entrypoint.sh"   tokenproxy          4 minutes ago       Up 4 minutes               1029/tcp
fiware-big-bang-0290-wilma-1        letsfiware/pep-proxy:8.1.0          "docker-entrypoint.s…"   wilma               4 minutes ago       Up 4 minutes (unhealthy)   1027/tcp
make[1]: Leaving directory '/home/ubuntu/FIWARE-Big-Bang-0.29.0'
Keyrock:
{"keyrock":{"version":"8.1.0","release_date":"2021-07-22","uptime":"00:04:23.9","git_hash":"https://github.com/ging/fiware-idm/releases/tag/8.1.0","doc":"https://fiware-idm.readthedocs.io/en/8.1.0/","api":{"version":"v1","link":"https://keyrock.big-bang.letsfiware.jp/v1"}}}

suda-bemap commented 1 year ago

I reinstalled Ubuntu 22.04 on a GCP VM instance and ran the original script, but the same problem occurs. lets-fiware.sh outputs this error message: applicationsCreate003 error 500 Internal Server Error {"error":{"message":"Internal error","code":500,"title":"Internal error"}}

I changed the first line of lets-fiware.sh to "#!/bin/bash -x" and ran it. This shows that GRAFANA_CLIENT_ID is not set because ngsi returns an Internal Server Error.

++ /usr/local/bin/ngsi --batch --configDir /home/suda/FIWARE-Big-Bang-0.29.0/.work/ngsi-go applications --host keyrock-20230803_03-20-19 create --name Grafana --description 'Grafana application (fiware-test)' --url https://grafana.air-compass.info/ --redirectUri https://grafana.air-compass.info/login/generic_oauth --openid
applicationsCreate003 error 500 Internal Server Error {"error":{"message":"Internal error","code":500,"title":"Internal error"}}
+ GRAFANA_CLIENT_ID=
suda@fiware-test:~/FIWARE-Big-Bang-0.29.0$ make collect
./config/script/collect.sh
Date: Thu Aug  3 03:09:25 UTC 2023
Version: 0.29.0
Hash: caadc9a62cc834ba2e4f0123ae03b2e2d033acc5538e7cd12c6d4265b21c59a1  lets-fiware.sh
App list: KEYROCK ORION GRAFANA
Install: completed
Docker containers:
make[1]: Entering directory '/home/suda/FIWARE-Big-Bang-0.29.0'
sudo ./setup/ps.sh
NAME                                IMAGE                               COMMAND                  SERVICE             CREATED             STATUS                     PORTS
fiware-big-bang-0290-grafana-1      grafana/grafana:6.1.6               "/run.sh"                grafana             5 minutes ago       Up 5 minutes               3000/tcp
fiware-big-bang-0290-keyrock-1      letsfiware/idm:8.1.0                "docker-entrypoint.s…"   keyrock             5 minutes ago       Up 5 minutes (healthy)     3000/tcp
fiware-big-bang-0290-mongo-1        mongo:4.4                           "docker-entrypoint.s…"   mongo               5 minutes ago       Up 5 minutes               27017/tcp
fiware-big-bang-0290-mysql-1        mysql:5.7                           "docker-entrypoint.s…"   mysql               5 minutes ago       Up 5 minutes               3306/tcp, 33060/tcp
fiware-big-bang-0290-nginx-1        nginx:1.25                          "/docker-entrypoint.…"   nginx               5 minutes ago       Up 5 minutes               0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
fiware-big-bang-0290-orion-1        telefonicaiot/fiware-orion:3.10.1   "sh -c 'rm /tmp/cont…"   orion               5 minutes ago       Up 5 minutes (healthy)     1026/tcp
fiware-big-bang-0290-tokenproxy-1   letsfiware/tokenproxy:0.29.0        "docker-entrypoint.sh"   tokenproxy          5 minutes ago       Up 5 minutes               1029/tcp
fiware-big-bang-0290-wilma-1        letsfiware/pep-proxy:8.1.0          "docker-entrypoint.s…"   wilma               5 minutes ago       Up 5 minutes (unhealthy)   1027/tcp
make[1]: Leaving directory '/home/suda/FIWARE-Big-Bang-0.29.0'
Keyrock:
{"keyrock":{"version":"8.1.0","release_date":"2021-07-22","uptime":"00:05:36.8","git_hash":"https://github.com/ging/fiware-idm/releases/tag/8.1.0","doc":"https://fiware-idm.readthedocs.io/en/8.1.0/","api":{"version":"v1","link":"https://keyrock.air-compass.info/v1"}}}

As a result, logging in to Grafana fails.

fisuda commented 1 year ago

applicationsCreate003 error 500 Internal Server Error {"error":{"message":"Internal error","code":500,"title":"Internal error"}}

This error is a response from your Keyrock instance. The error message of NGSI Go has a prefix like applicationsCreate003. A prefix consists of a Go lang function name and a position in the function. In this case, the function name is applicationsCreate. The position is 3rd. See here.

    if res.StatusCode != http.StatusCreated {
            return ngsierr.New(funcName, 3, fmt.Sprintf("error %s %s", res.Status, string(body)), nil)
    }

https://github.com/lets-fiware/ngsi-go/blob/81d5fac1aae63209e51c9bcb8a7352325b21ec19/internal/keyrock/applications.go#L147-L149

You should investigate a log file of Keyrock. Set the IDM_DEBUG variable to true in config.sh and run the lets-fiware.sh again.

https://github.com/lets-fiware/FIWARE-Big-Bang/blob/692623cf6bae0c335ad45550c02c6de37c732858/config.sh#L24-L27

suda-bemap commented 1 year ago

I specified debug and re-ran. The /var/log/fiware/keylock.log contained error messages. I've excerpted the log before and after the error.

Aug  4 02:43:28 fiware-test [keyrock][672]: #033[0mGET /v1/applications/80f2e445-f8eb-42be-b156-551b2022672d/pep_proxies #033[32m200#033[0m 101.417 ms - 126#033[0m
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-authenticate  --> validate_token
Aug  4 02:43:31 fiware-test [keyrock][672]: Executing (default): SELECT `AuthToken`.`access_token`, `AuthToken`.`expires`, `AuthToken`.`valid`, `AuthToken`.`user_id`, `AuthToken`.`pep_proxy_id`, `User`.`id` AS `User.id`, `User`.`username` AS `User.username`, `User`.`email` AS `User.email`, `User`.`date_password` AS `User.date_password`, `User`.`enabled` AS `User.enabled`, `User`.`admin` AS `User.admin`, `PepProxy`.`id` AS `PepProxy.id` FROM `auth_token` AS `AuthToken` LEFT OUTER JOIN `user` AS `User` ON `AuthToken`.`user_id` = `User`.`id` LEFT OUTER JOIN `pep_proxy` AS `PepProxy` ON `AuthToken`.`pep_proxy_id` = `PepProxy`.`id` WHERE `AuthToken`.`access_token` = 'afe2f100-0ded-4555-b795-a6a9599bbc63';
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-check_permissions_controller --> check_request
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-applications --> create
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-applications --> check_create_body_request
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-applications --> generate_app_certificates
Aug  4 02:43:31 fiware-test [keyrock][672]: Executing (default): INSERT INTO `oauth_client` (`id`,`secret`,`name`,`description`,`url`,`redirect_uri`,`redirect_sign_out_uri`,`image`,`grant_type`,`token_types`,`jwt_secret`,`response_type`,`scope`) VALUES ('3601cdf6-af83-4e5b-961f-40a3bbd6ecee','7cb59467-04e3-4ee1-a4c0-a28ed529e19a','Grafana','Grafana application (fiware-test)','https://grafana.air-compass.info/','https://grafana.air-compass.info/login/generic_oauth','','default','client_credentials,password,authorization_code,implicit,refresh_token,hybrid','jwt,bearer','5ac735310d08ac88','code,token,id_token','openid');
Aug  4 02:43:31 fiware-test [keyrock][672]: Executing (default): INSERT INTO `role_assignment` (`id`,`role_id`,`user_id`,`oauth_client_id`) VALUES (DEFAULT,'provider','admin','3601cdf6-af83-4e5b-961f-40a3bbd6ecee');
Aug  4 02:43:31 fiware-test [keyrock][672]: Fri, 04 Aug 2023 02:43:31 GMT idm:api-applications Error: Error: Command failed: openssl genrsa -out certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-key.pem 2048 && openssl req -new -sha256 -key certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-key.pem -out certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-csr.pem -subj "/C=IK/ST=World/L=World/O=Grafana/OU=Grafana/CN=https" && openssl x509 -days 365 -req -in certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-csr.pem -signkey certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-key.pem -out certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-cert.pem
Aug  4 02:43:31 fiware-test [keyrock][672]: genrsa: Can't open "certs/applications/3601cdf6-af83-4e5b-961f-40a3bbd6ecee-oidc-key.pem" for writing, Permission denied
Aug  4 02:43:31 fiware-test [keyrock][672]: #033[0mPOST /v1/applications #033[31m500#033[0m 108.550 ms - 74#033[0m
Aug  4 02:43:38 fiware-test [keyrock][672]: > fiware-idm@8.1.0 start /opt/fiware-idm
Aug  4 02:43:38 fiware-test [keyrock][672]: > node ./bin/www

fisuda commented 1 year ago

Could you tell me the uid and gid of the user that ran the lets-fiware.sh script? You can get them by running the id command as shown:

ubuntu@big-bang:~/FIWARE-Big-Bang-0.29.0$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),118(netdev),119(lxd)

Next, could you please add the following new line after L1261 in the lets-fiware.sh script?

  "${SUDO}" chown -R 1000:1000 "${CONFIG_DIR}"/keyrock/certs

Before:

https://github.com/lets-fiware/FIWARE-Big-Bang/blob/692623cf6bae0c335ad45550c02c6de37c732858/lets-fiware.sh#L1258-L1263

After:

up_keyrock_mysql() {
  logging_info "${FUNCNAME[0]}"

  mkdir -p "${CONFIG_DIR}"/keyrock/certs/applications
  "${SUDO}" chown -R 1000:1000 "${CONFIG_DIR}"/keyrock/certs

  cp -a "${TEMPLEATE}"/docker/setup-keyrock-mysql.yml ./docker-idm.yml

Then, run the lets-fiware.sh script again.

Thanks.

suda-bemap commented 1 year ago

Thank you for your advice. It worked fine on a VM I created on GCP.

Below is the 'id' result.

uid=1001(suda) gid=1002(suda) groups=1002(suda),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),119(netdev),120(lxd),1000(ubuntu),1001(google-sudoers)
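
The ownership mismatch behind this failure (the script ran as uid 1001, the fix chowns the certs directory to 1000:1000), as an added example that is not part of the thread or of lets-fiware.sh: a preflight check that a bind-mounted directory is writable by the uid/gid the container process runs as. It assumes GNU stat and that Keyrock runs as 1000:1000 (inferred from the chown above); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from lets-fiware.sh). Function names are hypothetical.

# can_write_dir DIR UID GID
# Decide from the mode bits whether a process running as UID:GID could create
# files in DIR. Exit status: 0 = yes, 1 = no, 2 = DIR is not a directory.
# Supplementary groups, ACLs and capabilities are not considered.
can_write_dir() (
  dir=$1 uid=$2 gid=$3
  [ -d "$dir" ] || exit 2
  # GNU stat: octal mode, numeric owner, numeric group
  set -- $(stat -c '%a %u %g' -- "$dir")
  mode=$((0$1)) owner=$2 group=$3
  [ "$uid" -eq 0 ] && exit 0            # root bypasses mode bits
  if [ "$uid" -eq "$owner" ]; then bits=$(( (mode >> 6) & 7 ))
  elif [ "$gid" -eq "$group" ]; then bits=$(( (mode >> 3) & 7 ))
  else bits=$(( mode & 7 ))
  fi
  # Creating a file needs write (2) and search (1) permission on the directory.
  [ $(( bits & 3 )) -eq 3 ]
)

# preflight_bind_mount DIR UID GID
# Report the result so the installer can stop before the container hits
# "Permission denied".
preflight_bind_mount() {
  if can_write_dir "$1" "$2" "$3"; then
    echo "ok: $1 is writable by $2:$3"
  else
    echo "FAIL: $1 is $(stat -c '%u:%g mode %a' -- "$1" 2>/dev/null || echo missing)," \
         "not writable by $2:$3; chown it or fix its mode first" >&2
    return 1
  fi
}

# Constructed demo: a directory made by the invoking user with mode 755,
# checked against 1000:1000 (assumed container uid/gid). It passes only when
# the invoking user is uid 1000, which is the difference between the two
# environments in this thread.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/keyrock/certs/applications"
chmod 755 "$demo_dir/keyrock/certs/applications"
preflight_bind_mount "$demo_dir/keyrock/certs/applications" 1000 1000 || true
rm -rf "$demo_dir"
```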

fisuda commented 1 year ago

Thank you for the feedback.

I fixed this bug by PR #292 and released the FIWARE Big Bang v0.30.0.

p.s. If you think FIWARE Big Bang is the recommended tool for engineers, I would appreciate it if you could provide a GitHub Star to this repository.

Thanks.