invalid credentials on login to fresh install

[rjlan]

Hi, ran XenOrchestraInstallerUpdater on a fresh install of Debian 11.3.0 running in a VM on Proxmox. Getting an error logging in using the credentials printed in the terminal after the installer finished (admin@admin.net/admin). Looking into the xo log, I am seeing this error:

Jul 05 11:58:06 xenorchestra xo-server[349]: 2022-07-05T15:58:06.601Z xo:authentification ERROR no available algorithm with id argon2id {
Jul 05 11:58:06 xenorchestra xo-server[349]:   error: Error: no available algorithm with id argon2id
Jul 05 11:58:06 xenorchestra xo-server[349]:       at getAlgorithmFromId (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/hashy/index.js:189:11)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at getAlgorithmFromHash (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/hashy/index.js:196:10)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at verify (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/hashy/index.js:293:10)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at /opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/hashy/index.js:33:22
Jul 05 11:58:06 xenorchestra xo-server[349]:       at Promise._execute (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/bluebird/js/release/debuggability.js:384:9)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at Promise._resolveFromExecutor (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/bluebird/js/release/promise.js:518:18)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at new Promise (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/bluebird/js/release/promise.js:103:10)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at verify (/opt/xo/xo-builds/xen-orchestra-202207051131/node_modules/hashy/index.js:32:9)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at default.checkUserPassword (file:///opt/xo/xo-builds/xen-orchestra-202207051131/packages/xo-server/src/xo-mixins/subjects.mjs:311:26)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at file:///opt/xo/xo-builds/xen-orchestra-202207051131/packages/xo-server/src/xo-mixins/authentication.mjs:53:20
Jul 05 11:58:06 xenorchestra xo-server[349]:       at default._authenticateUser (file:///opt/xo/xo-builds/xen-orchestra-202207051131/packages/xo-server/src/xo-mixins/authentication.mjs:117:24)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at default.authenticateUser (file:///opt/xo/xo-builds/xen-orchestra-202207051131/packages/xo-server/src/xo-mixins/authentication.mjs:162:20)
Jul 05 11:58:06 xenorchestra xo-server[349]:       at Strategy._verify (file:///opt/xo/xo-builds/xen-orchestra-202207051131/packages/xo-server/src/index.mjs:289:26)
Jul 05 11:58:06 xenorchestra xo-server[349]: }

As I'm not familiar with XenOrchestra, I'm not sure what my options are for getting logged in/creating a user/etc.

Installer:

$ sudo ./xo-install.sh 
[sudo] password for rjlan: 
-----------------------------------------

Welcome to automated Xen Orchestra install

Following options will be used for installation:

OS: Debian 11 
Basedir: /opt/xo 
User: root 
Port: 80
HTTPS: false
Git Branch for source: master
Following plugins will be installed: all
Number of previous installations to preserve: 3
Node.js and yarn auto update: true

Errorlog is stored to /home/rjlan/XenOrchestraInstallerUpdater/logs/xo-install.log-202207051131 for debug purposes

Depending on which installation is chosen:

Xen Orchestra configuration will be stored to /root/.config/xo-server/config.toml, if you don't want it to be replaced with every update, set CONFIGUPDATE to false in xo-install.cfg
Xen Orchestra Proxy configuration will be stored to /root/.config/xo-proxy/config.toml. Config won't be overwritten during update, ever
-----------------------------------------

1. Install
2. Update
3. Rollback
4. Install proxy
5. Update proxy
6. Exit

: 1

[ok] Running apt-get update

[ok] Installing build dependencies, redis server, python, git, libvhdi-utils, lvm2, nfs-common, cifs-utils, curl, ntfs-3g, libxml2-utils

[ok] Installing apt-transport-https and ca-certificates packages to support https repos

[ok] Debian 10/11, so installing gnupg also

[ok] Installing node.js

[ok] Installing yarn

[ok] Enabling and starting redis service

[ok] Enabling and starting rpcbind service

[info] Creating missing basedir to /opt/xo

[info] Creating missing xo-builds directory to /opt/xo/xo-builds

[info] Fetching Xen Orchestra source code

[info] Creating install directory: /opt/xo/xo-builds/xen-orchestra-202207051131

[info] Installing Xen Orchestra from branch: master - commit: b96dd0160

[info] No 3rd party plugins to install

[info] xo-server and xo-web build takes quite a while. Grab a cup of coffee and lay back

[ok] Running installation

[ok] Installing plugins

[info] Fixing binary path in systemd service configuration file
[info] Adding WorkingDirectory parameter to systemd service configuration file
[info] Replacing systemd service configuration file
[info] Reloading systemd configuration

[info] Fixing relative path to xo-web installation in xo-server configuration file
[info] Activating modified configuration file

[info] Symlinking fresh xo-server install/update to /opt/xo/xo-server
[info] Symlinking fresh xo-web install/update to /opt/xo/xo-web

[info] Starting xo-server...
 waiting for port to be open

       WebUI started in port 80. Make sure you have firewall rules in place to allow access.
       Default username: admin@admin.net password: admin

[info] Installation successful. Enabling xo-server service to start on reboot

[ronivay]

Thank you for reporting this. I can reproduce this and it seems to be caused by commit https://github.com/vatesfr/xen-orchestra/commit/49890a09b7a3c4bcbe7f462577c6d0a7da8b7006

Looks like default user created in any installation within or after that commit is broken and one can't login with it. Actually all user creation (their passwords specifically) is broken. For the time being you can get it to work by doing the following:

Edit /home/rjlan/XenOrchestraInstallerUpdater/xo-install.cfg and change BRANCH="master" -> BRANCH="dfce56cee", rerun xo-install.sh and choose update. Once update is complete, run sudo /opt/xo/xo-server/dist/recover-account-cli.mjs admin@admin.net and insert the password you wish. Login should now work normally.

Once the issue is fixed, you should change back to using master branch for the future updates to work properly.

I assume this was reported by you as well: https://xcp-ng.org/forum/topic/6065/invalid-credentials-in-new-installation-from-source ? I'll pass my findings there as it's something i can't fix.

E: edited the workaround instructions slightly so that redis database isn't removed

[rjlan]

Thanks, am up and running. I very much appreciate the help.

[cliffr39]

Just found this and re-running the install with the branch change. Fingers crossed lol thought I was doing something wrong for the last 4 hours.

Edit: worked great. You are awesome to find the cause and post a workaround here so quickly

[ronivay]

This is now fixed in: https://github.com/vatesfr/xen-orchestra/commit/ba03a4849831deecda7b8139374b5c43bf90d2b3