New Admin Interface - Cannot Login

Added by Zach Guithues 4 months ago

Hi,

I'm trying to get the new admin interface working but i've been unable to login. It's probably related to my use of custom domain & HTTPS cert...

I can load the login page at phone.MYDOMAIN.com/admin, but the it doesn't accept my password with the error: "Wazo authentication server connection error"

Here is the error from the "wazo-admin-ui.log"

2017-06-15 10:29:04,412 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) POST https://phone.MYDOMAIN.com/admin/login/ 302
2017-06-15 10:29:04,500 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/ 302
2017-06-15 10:29:04,599 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/login/ 200
2017-06-15 10:29:04,779 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/static/fonts/fontawesome-webfont.woff2?v=4.7.0 200
2017-06-15 10:41:17,798 [1467] (INFO) (urllib3.connectionpool): Starting new HTTPS connection (1): localhost
2017-06-15 10:41:17,809 [1467] (ERROR) (wazo_admin_ui.core.errors): <type 'exceptions.Exception'>
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/lib/python2.7/dist-packages/flask_classful.py", line 231, in proxy
    response = view(**request.view_args)
  File "/usr/lib/python2.7/dist-packages/flask_classful.py", line 202, in inner
    return fn(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/view.py", line 27, in post
    return self._login()
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/view.py", line 35, in _login
    if form.validate_on_submit():
  File "/usr/lib/python2.7/dist-packages/flask_wtf/form.py", line 101, in validate_on_submit
    return self.is_submitted() and self.validate()
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/form.py", line 45, in validate
    raise ValidationError(l_('Wazo authentication server connection error'))
ValidationError: Wazo authentication server connection error

i think the issue stems from: "2017-06-15 10:41:17,798 [1467] (INFO) (urllib3.connectionpool): Starting new HTTPS connection (1): localhost"

i double checked my custom-certificate.yml, and added the 2 recent additions "call_logd" & "plugind".

I feel like this is probably a pretty simple fix, i'm just not fluent enough in wazo to know where to look.

Thanks for your help!


Replies (2)

RE: New Admin Interface - Cannot Login - Added by Sébastien Duthil 4 months ago

What you see here is that the daemon wazo-admin-ui (who serves the new admin web UI) cannot contact the daemon xivo-auth (responsible for the authentication). This means that in the configuration of wazo-admin-ui, in /etc/wazo-admin-ui/conf.d, nothing is telling it "xivo-auth is on the host phone.MYDOMAIN.com", so it tries the default host, which is "localhost". In order to do that, we need a symlink from /etc/wazo-admin-ui/conf.d/something.yml to custom-certificate.yml, then restart wazo-admin-ui with systemctl restart wazo-admin-ui.

In the docs, the code that does this is the little "for" loop at the end... but since wazo-admin-ui did not exist at the time you ran it, it could not create the symlink.

This is clearly a missing part in our docs about custom certificates, but to do this properly, we need a bit of development to generate certificate configuration dynamically...

RE: New Admin Interface - Cannot Login - Added by Zach Guithues 4 months ago

That fixed it! Thanks for the speedy response!

I would recommend integrating letsencrypt in the future. You could potentially have a script that sets (or changes) the hostname, then proceeds to collect a letsencrypt cert and setup auto renewal.

(1-2/2)