sitewhere / sitewhere-k8s

SiteWhere / Kubernetes integration including Helm Charts

adminUI login with error "HTTP Status 401 Unauthorized" #155

Open scany1211 opened 4 years ago

scany1211 commented 4 years ago
  1. ENV:

    kubectl version:
    Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

    sitewhere 2.1

  2. All the pods are in Running status, as below:

    kafka-0                                          2/2     Running   0          45m    10.42.3.218   worker3    <none>           <none>
    kafka-zookeeper-0                                2/2     Running   0          45m    10.42.3.217   worker3    <none>           <none>
    sitewhere-asset-management-5cfb4c74d6-w4bd8      2/2     Running   0          29m    10.42.3.235   worker3    <none>           <none>
    sitewhere-device-management-978c779f6-mcq4f      2/2     Running   0          29m    10.42.3.236   worker3    <none>           <none>
    sitewhere-event-management-5567c87fbb-jsmjj      2/2     Running   0          29m    10.42.3.230   worker3    <none>           <none>
    sitewhere-event-sources-7bdb4dd6dc-f4ljb         2/2     Running   1          29m    10.42.6.56    rancher3   <none>           <none>
    sitewhere-inbound-processing-688869cc-frs2h      2/2     Running   0          29m    10.42.3.231   worker3    <none>           <none>
    sitewhere-instance-management-7745cb87cd-ggh44   2/2     Running   0          29m    10.42.6.61    rancher3   <none>           <none>
    sitewhere-mongodb-arbiter-0                      1/1     Running   0          29m    10.42.3.234   worker3    <none>           <none>
    sitewhere-mongodb-primary-0                      1/1     Running   0          29m    10.42.6.59    rancher3   <none>           <none>
    sitewhere-mongodb-secondary-0                    1/1     Running   1          29m    10.42.6.58    rancher3   <none>           <none>
    sitewhere-mosquitto-6886b59768-fbjdp             1/1     Running   0          29m    10.42.3.228   worker3    <none>           <none>
    sitewhere-outbound-connectors-5dccbfcfff-whh86   2/2     Running   0          29m    10.42.3.232   worker3    <none>           <none>
    sitewhere-syncope-68474dd97c-9mxcj               1/1     Running   0          29m    10.42.6.57    rancher3   <none>           <none>
    sitewhere-syncope-console-7fbfcdbf9-hzfbj        1/1     Running   0          29m    10.42.6.54    rancher3   <none>           <none>
    sitewhere-syncope-enduser-56877b8875-wfgm9       1/1     Running   0          29m    10.42.6.55    rancher3   <none>           <none>
    sitewhere-tenantsdb-0                            1/1     Running   0          29m    10.42.6.60    rancher3   <none>           <none>
    sitewhere-warp10-0                               1/1     Running   0          29m    10.42.3.233   worker3    <none>           <none>
    sitewhere-web-rest-7f6d7db47-hd49h               1/2     Running   0          113s   10.42.3.237   worker3    <none>           <none>
  3. I have exposed the sitewhere web-rest svc to one NodePort svc as below:

    sitewhere-asset-management-svc      ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
    sitewhere-device-management-svc     ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
    sitewhere-event-management-svc      ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
    sitewhere-event-sources-svc         ClusterIP      10.43.34.120    <none>        9001/TCP,9090/TCP                              40m
    sitewhere-inbound-processing-svc    ClusterIP      10.43.109.248   <none>        9001/TCP,9090/TCP                              40m
    sitewhere-instance-management-svc   ClusterIP      10.43.191.183   <none>        9000/TCP,9001/TCP,9004/TCP,9005/TCP,9090/TCP   40m
    sitewhere-mongodb                   ClusterIP      10.43.199.239   <none>        27017/TCP                                      40m
    sitewhere-mongodb-headless          ClusterIP      None            <none>        27017/TCP                                      40m
    sitewhere-mosquitto-svc             LoadBalancer   10.43.144.116   <pending>     1883:32342/TCP                                 40m
    sitewhere-outbound-connectors-svc   ClusterIP      10.43.74.36     <none>        9001/TCP,9090/TCP                              40m
    sitewhere-syncope                   ClusterIP      10.43.17.126    <none>        8080/TCP                                       40m
    sitewhere-syncope-console           ClusterIP      10.43.37.44     <none>        8080/TCP                                       40m
    sitewhere-syncope-enduser           ClusterIP      10.43.196.217   <none>        8080/TCP                                       40m
    sitewhere-tenantsdb                 ClusterIP      10.43.254.0     <none>        5432/TCP                                       40m
    sitewhere-tenantsdb-headless        ClusterIP      None            <none>        5432/TCP                                       40m
    sitewhere-warp10                    ClusterIP      10.43.8.215     <none>        8080/TCP,8081/TCP                              40m
    sitewhere-warp10-headless           ClusterIP      None            <none>        8080/TCP,8081/TCP                              40m
    sitewhere-web-rest-grpc             ClusterIP      10.43.134.179   <none>        9001/TCP,9090/TCP                              40m
    sitewhere-web-rest-http             NodePort       10.43.81.154    <none>        8080:32051/TCP                                 40m
  4. Logging in to the SiteWhere admin UI with the node IP and port 32051 shows the error:

    HTTP Status 401 Unauthorized
    Type Status Report
    Message Unauthorized
    Description The request has not been applied because it lacks valid authentication credentials for the target resource.

  5. Checked the port in pod sitewhere-web-rest-7f6d7db47-hd49h; port 8080 is listening.

    # netstat -anp|grep 8080
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1/java
    tcp        0      0 127.0.0.1:41942         127.0.0.1:8080          ESTABLISHED -
    tcp        0      0 127.0.0.1:8080          127.0.0.1:41942         ESTABLISHED 1/java
  6. Checked the sitewhere-web-rest-7f6d7db47-hd49h pod log via kubectl logs sitewhere-web-rest-7f6d7db47-hd49h -c sitewhere-web-rest, which shows the error below:

    
    2020-08-04 07:10:53.727 ERROR 1 --- [nio-8080-exec-3] c.s.w.s.SiteWhereAuthenticationProvider  : Authentication exception.

    com.sitewhere.spi.microservice.ServiceNotAvailableException: The requested service is not available [UNAVAILABLE: upstream connect error or disconnect/reset before headers. reset reason: connection failure]
        at com.sitewhere.grpc.client.GrpcUtils.handleClientMethodException(GrpcUtils.java:225) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.grpc.client.user.UserManagementApiChannel.authenticate(UserManagementApiChannel.java:150) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.grpc.client.user.CachedUserManagementApiChannel.authenticate(CachedUserManagementApiChannel.java:145) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.web.security.SiteWhereAuthenticationProvider.authenticateBasicAuth(SiteWhereAuthenticationProvider.java:86) [classes!/:na]
        at com.sitewhere.web.security.SiteWhereAuthenticationProvider.authenticate(SiteWhereAuthenticationProvider.java:58) [classes!/:na]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) [spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) [spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]


And also some errors like below; not sure whether they are related.

    2020-08-04 07:12:00.676 DEBUG 1 --- [-worker-ELG-3-2] i.g.n.NettyServerTransport.connections : Transport failed

    java.io.IOException: Connection reset by peer
        at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_212]
        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[na:1.8.0_212]
        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[na:1.8.0_212]
        at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[na:1.8.0_212]
        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[na:1.8.0_212]
        at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:288) ~[netty-buffer-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1125) ~[netty-buffer-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:347) ~[netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:148) ~[netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-common-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-common-4.1.34.Final.jar!/:4.1.34.Final]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]


Could you help to check? Thanks
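
A triage sketch for the web-rest log above, as an added example that is not part of the original post or of the SiteWhere code: it separates authentication errors caused by an unreachable user-management backend (the ServiceNotAvailableException / UNAVAILABLE case in this log) from other authentication failures, so a burst of 401s caused by a mesh connectivity problem is not counted as credential guessing. The sample log is constructed from the lines quoted above, and the second exception class in it is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the web-rest log quoted above. The second
# failure and its exception class are hypothetical, added only for contrast.
SAMPLE_LOG = """\
2020-08-04 07:10:53.727 ERROR 1 --- [nio-8080-exec-3] c.s.w.s.SiteWhereAuthenticationProvider  : Authentication exception.

com.sitewhere.spi.microservice.ServiceNotAvailableException: The requested service is not available [UNAVAILABLE: upstream connect error or disconnect/reset before headers. reset reason: connection failure]
    at com.sitewhere.grpc.client.GrpcUtils.handleClientMethodException(GrpcUtils.java:225)
2020-08-04 07:11:02.101 ERROR 1 --- [nio-8080-exec-5] c.s.w.s.SiteWhereAuthenticationProvider  : Authentication exception.

com.example.HypotheticalBadCredentialsException: invalid username or password
    at com.example.Hypothetical.check(Hypothetical.java:1)
2020-08-04 07:12:00.676 DEBUG 1 --- [-worker-ELG-3-2] i.g.n.NettyServerTransport.connections : Transport failed
"""

# Spring Boot style header: timestamp, level, pid, [thread], logger, message.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<level>[A-Z]+)\s+\d+ --- "
    r"\[(?P<thread>[^\]]*)\]\s+(?P<logger>\S+)\s+: (?P<msg>.*)$"
)

def parse_records(text):
    """Group each header line with the exception/stack lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "body": []})
        elif records and line.strip():
            records[-1]["body"].append(line.strip())
    return records

def classify_auth_failures(text):
    """Return (timestamp, thread, cause); cause comes from the first non-frame body line."""
    results = []
    for rec in parse_records(text):
        if rec["level"] != "ERROR" or not rec["logger"].endswith("SiteWhereAuthenticationProvider"):
            continue
        exc = next((l for l in rec["body"] if not l.startswith("at ")), "")
        unavailable = "ServiceNotAvailableException" in exc or "UNAVAILABLE" in exc
        results.append((rec["ts"], rec["thread"],
                        "backend_unavailable" if unavailable else "rejected_or_other"))
    return results

def summarize(text):
    """Count authentication failures per cause, e.g. to gate a brute-force alert."""
    return Counter(cause for _, _, cause in classify_auth_failures(text))
```
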

jorgevillaverde-sitewhere commented 4 years ago

Hi @scany1211, SiteWhere 2.x uses Istio to create a service mesh. You need to connect to Istio Ingress Gateway and not to expose web-rest service.

scany1211 commented 4 years ago

> Hi @scany1211, SiteWhere 2.x uses Istio to create a service mesh. You need to connect to Istio Ingress Gateway and not to expose web-rest service.

Hi, thanks for your reply. I installed the istio-gateway and tried again, but got the 404 error.

    [root@master2 ~]# kubectl describe virtualservice sitewhere-web-rest
    Name:         sitewhere-web-rest
    Namespace:    default
    Labels:       io.cattle.field/appId=sitewhere
    Annotations:
    API Version:  networking.istio.io/v1beta1
    Kind:         VirtualService
    Metadata:
      Creation Timestamp:  2020-08-05T08:52:54Z
      Generation:          1
      Managed Fields:
        API Version:  networking.istio.io/v1alpha3
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:labels:
              .:
              f:io.cattle.field/appId:
          f:spec:
            .:
            f:gateways:
            f:hosts:
            f:http:
        Manager:         Go-http-client
        Operation:       Update
        Time:            2020-08-05T08:52:54Z
      Resource Version:  5393139
      Self Link:         /apis/networking.istio.io/v1beta1/namespaces/default/virtualservices/sitewhere-web-rest
      UID:               3d8e8e66-1a36-43eb-a3fd-7c52da91d39b
    Spec:
      Gateways:
        sitewhere-gateway
      Hosts:
        *
      Http:
        Match:
          Uri:
            Prefix:  /
        Route:
          Destination:
            Host:  sitewhere-web-rest-http
            Port:
              Number:  8080
    Events:

The istio-gateway is running on the server as below, which has port 80 listening:

    [root@rancher3 data]# netstat -anp|grep -w 80
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      15563/nginx: master
    tcp        0      0 192.168.2.28:80         192.168.1.94:53508      ESTABLISHED 20375/nginx: worker
    tcp6       0      0 :::80                   :::*                    LISTEN      15563/nginx: master

So, in the admin UI, I configured the connection as http://192.168.2.28:80, but it gives me the error "default backend 404". Could you please help me? Thanks