seriohub / velero-api

This Python project is designed to communicate with the velero client in the Kubernetes environment. Created as a backend project for Velero-UI.
Apache License 2.0

Fail to Login in UI - Unauthorized requests to velero-api #35

Closed MuriloCouceiro closed 2 months ago

MuriloCouceiro commented 3 months ago

Hello,

I'm getting these 401's in the velero-api module, which blocks me from logging in to the velero-ui.

image

I'm deploying both with helm charts (velero v6.7.0 and vui v0.1.13).

Any ideas of what might be causing this?

Here are my vui values:

global:
  veleroNamespace: velero
  kubernetesClusterDomain: cluster.local

apiConfig: 
  awsAccessKeyId: velero
  awsSecretAccessKey: velero123
  origins1: '<url>'
  debugLevel: info
  apiEnableDocumentation: 1

uiConfig:
  # -- Url to http velero-api project
  nextPublicVeleroApiUrl: <url>
  # -- Url to ws velero-api project
  nextPublicVeleroApiWs: <url>

uiNp:
  enabled: false

uiIngress:
  # -- Enable or disable ingress
  enabled: true
  # -- Ingress class name
  ingressClassName: nginx
  metadata: 
    annotations: 
      cert-manager.io/cluster-issuer: issuer
      nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
      nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
  host: <url>
  spec:
    tls: 
    -.....

davideserio commented 3 months ago

Hi, can you try to authorize in swagger? You can find the swagger user interface at https://\/api/docs

MuriloCouceiro commented 2 months ago

Hi, thanks for getting back!

I found nothing wrong in the logs, just a 200 for /api/docs

However in the interface I get the following error: image

davideserio commented 2 months ago

Hi,

This error has been fixed with the latest Helm version, v0.1.14, which includes the updated API v0.18. Can you update Helm and verify if you can authenticate in the Swagger interface?

MuriloCouceiro commented 2 months ago

Thanks, I have updated the chart version and can now use the swagger interface!

Yet, the same thing happens. I've logged in with swagger and tried the /api/v1/setup/version endpoint but got a 401 again.

Login:

image

image

Request:

image

davideserio commented 2 months ago

Do you use the subdirectory?

The swagger interface uses the following url format

https://<your-velero-domain>/<subdirectory>/api/docs

or

https://<your-velero-domain>/api/docs

MuriloCouceiro commented 2 months ago

It uses

https://<your-velero-domain>/api/docs

davideserio commented 2 months ago

With reference to your values override can you try the following configuration?

global:
  veleroNamespace: velero
  kubernetesClusterDomain: cluster.local

apiConfig: 
  awsAccessKeyId: velero
  awsSecretAccessKey: velero123
  origins1: '*'
  debugLevel: debug
  apiEnableDocumentation: 1

#uiConfig:
# # -- Url to http velero-api project
#  nextPublicVeleroApiUrl: <url>
#  # -- Url to ws velero-api project
#  nextPublicVeleroApiWs: <url>

uiNp:
  enabled: false

uiIngress:
  # -- Enable or disable ingress
  enabled: true
  # -- Ingress class name
  ingressClassName: nginx
  metadata: 
    annotations: 
      cert-manager.io/cluster-issuer: issuer
      nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
      nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
  spec:
    tls: 
      - hosts:
         - <url-domain>
         .....

Next, can you try authenticating in Swagger again? Also, on the login page, at the bottom left, there is a button to display more diagnostic information. Can you check it?

MuriloCouceiro commented 2 months ago

Sure! Correct me if I'm wrong: the changes were just for the origin and the log level right?

After updating here's what I've got:

After restarting the api pod I noticed this error (not sure if it was there before).

.....
INFO:     2024-08-05 09:19:05.898 [helper.velero_client] Successfully extracted 'velero' from './velero-client/dl/velero-v1.12.2-linux-amd64.tar.gz' to '/usr/local/bin'.
INFO:     2024-08-05 09:19:05.898 [helper.velero_client] Result from init velero-cli-version :True
INFO:     Open database connection
INFO:     create_default_user.check
INFO:     create_default_user.forced
(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
AttributeError: module 'bcrypt' has no attribute '__about__'
INFO:     Close database connection
......

As for the swagger workflow, I get the same error. Here are the logs.

INFO:     10.244.0.0:36542 - "GET /api/openapi.json HTTP/1.1" 200 OK
DEBUG:    2024-08-05 09:21:14.142 [service.authentication] [/api/v1/token] User:admin-Password:ad**
INFO:     2024-08-05 09:21:14.431 [authentication.users] [/api/v1/token] Login in :admin
DEBUG:    2024-08-05 09:21:14.431 [service.authentication] [/api/v1/token] __create_token username:admin
DEBUG:    2024-08-05 09:21:14.431 [authentication.tokens] [/api/v1/token] create_access_token
DEBUG:    2024-08-05 09:21:14.433 [authentication.tokens] [/api/v1/token] create_refresh_token
DEBUG:    2024-08-05 09:21:14.433 [service.authentication] [/api/v1/token] user name: admin id: 72c17254-231a-4807-b8d1-8c00dc413cba refresh expires:7 days, 0:00:00
DEBUG:    2024-08-05 09:21:14.433 [authentication.tokens] [/api/v1/token] add_refresh_token
DEBUG:    2024-08-05 09:21:14.433 [authentication.tokens] [/api/v1/token] __delete_user_token
DEBUG:    2024-08-05 09:21:14.435 [authentication.tokens] [/api/v1/token] add_refresh_token.delete old token: False
DEBUG:    2024-08-05 09:21:14.435 [authentication.tokens] [/api/v1/token] _add_user_token
INFO:     10.244.0.0:37334 - "POST /api/v1/token HTTP/1.1" 200 OK
INFO:     10.244.0.0:46284 - "GET /api/v1/setup/version HTTP/1.1" 401 Unauthorized
INFO:     10.244.0.0:37694 - "GET /api/v1/setup/version HTTP/1.1" 401 Unauthorized

As for the diagnostic it now informs me of a warning about the origin. I've noticed that before, that's why I've changed it to the ingress's URL. Here's the current report:

# Agent State Manager Report**

- Backend info
  - app_name: **velero-api**;
  - helm_app_version: **0.1.14**;
  - helm_version: **0.1.14**;
  - helm_api: **0.1.18**;
  - helm_ui: **0.1.16**;
  - api_release_version: **0.1.18**;
  - helm_watchdog: **0.1.6**;
- UI URL: **https://###.###.###**
- API URL: **https://###.###.###/api**
- K8s Health
  - cluster online: **true**
  - nodes:
    - total: **28**;
    - in error: **0**;
- API Origins
  - *;
- Architecture: **amd64**
- Watchdog: **alive**
- Compatibility: **true**
- Boolean State
  - getUiURL: **true**;
  - getApiURL: **true**;
  - checkApiReacheable: **true**;
  - getArchitecture: **true**;
  - getOrigins: **true**;
  - validateOrigins: **true**;
  - getWatchdogInfo: **true**;
  - getClusterHealth: **true**;
  - getUiApiVerCompatibility: **true**;

I'll also attach the log file logs.txt

davideserio commented 2 months ago

In your config file, manually add the securityTokenKey under the apiConfig section:

apiConfig:
  securityTokenKey: <your-token-key>
  ... other config ...

To generate a fixed secure random secret key use the command:

openssl rand -hex 32

Let me know if this solves the problem.

MuriloCouceiro commented 2 months ago

That solves the problem! I can now log in and check Velero's insights as expected!

Thank you!
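
Why a fixed securityTokenKey can turn the 401s above into 200s, as an added example that is not velero-api's code: it assumes (the thread does not confirm the cause) that the API signs tokens with an HS256-style HMAC and falls back to a random per-process key when none is configured. `Worker`, `sign_token`, `verify_token` and `demo` are hypothetical names.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims: dict, key: bytes) -> str:
    """Build a compact HS256 token: header.payload.signature."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_mac(key, header + '.' + payload))}"

def verify_token(token: str, key: bytes, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # never let the token choose its own algorithm
        if not hmac.compare_digest(_mac(key, header + "." + payload), _unb64(sig)):
            return None  # signed with a different key, or tampered with
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims

class Worker:
    """Hypothetical API process: configured hex key, else a random key per start."""
    def __init__(self, configured_key=None):
        self.key = bytes.fromhex(configured_key) if configured_key else secrets.token_bytes(32)

    def login(self, user: str) -> str:
        return sign_token({"sub": user, "exp": int(time.time()) + 900}, self.key)

    def authorize(self, token: str) -> int:
        return 200 if verify_token(token, self.key) else 401

def demo(configured_key=None) -> int:
    """Log in on one process, call a protected route on another (or after a restart)."""
    issuer, verifier = Worker(configured_key), Worker(configured_key)
    return verifier.authorize(issuer.login("admin"))

if __name__ == "__main__":
    print("no key configured:", demo())
    print("fixed key:", demo(secrets.token_hex(32)))  # same format as `openssl rand -hex 32`
```

The key belongs in a Kubernetes Secret rather than in a values file committed to a repository, since anyone holding it can mint tokens the API will accept.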