New Admin Interface - Cannot Login

Added by Zach Guithues 11 days ago

Hi,

I'm trying to get the new admin interface working but i've been unable to login. It's probably related to my use of custom domain & HTTPS cert...

I can load the login page at phone.MYDOMAIN.com/admin, but the it doesn't accept my password with the error: "Wazo authentication server connection error"

Here is the error from the "wazo-admin-ui.log"

2017-06-15 10:29:04,412 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) POST https://phone.MYDOMAIN.com/admin/login/ 302
2017-06-15 10:29:04,500 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/ 302
2017-06-15 10:29:04,599 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/login/ 200
2017-06-15 10:29:04,779 [1467] (INFO) (wazo_admin_ui): (127.0.0.1) GET https://phone.MYDOMAIN.com/admin/static/fonts/fontawesome-webfont.woff2?v=4.7.0 200
2017-06-15 10:41:17,798 [1467] (INFO) (urllib3.connectionpool): Starting new HTTPS connection (1): localhost
2017-06-15 10:41:17,809 [1467] (ERROR) (wazo_admin_ui.core.errors): <type 'exceptions.Exception'>
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/lib/python2.7/dist-packages/flask_classful.py", line 231, in proxy
    response = view(**request.view_args)
  File "/usr/lib/python2.7/dist-packages/flask_classful.py", line 202, in inner
    return fn(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/view.py", line 27, in post
    return self._login()
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/view.py", line 35, in _login
    if form.validate_on_submit():
  File "/usr/lib/python2.7/dist-packages/flask_wtf/form.py", line 101, in validate_on_submit
    return self.is_submitted() and self.validate()
  File "/usr/lib/python2.7/dist-packages/wazo_admin_ui/plugins/authentication/form.py", line 45, in validate
    raise ValidationError(l_('Wazo authentication server connection error'))
ValidationError: Wazo authentication server connection error

i think the issue stems from: "2017-06-15 10:41:17,798 [1467] (INFO) (urllib3.connectionpool): Starting new HTTPS connection (1): localhost"

i double checked my custom-certificate.yml, and added the 2 recent additions "call_logd" & "plugind".

I feel like this is probably a pretty simple fix, i'm just not fluent enough in wazo to know where to look.

Thanks for your help!


Replies (2)

RE: New Admin Interface - Cannot Login - Added by Sébastien Duthil 11 days ago

What you see here is that the daemon wazo-admin-ui (who serves the new admin web UI) cannot contact the daemon xivo-auth (responsible for the authentication). This means that in the configuration of wazo-admin-ui, in /etc/wazo-admin-ui/conf.d, nothing is telling it "xivo-auth is on the host phone.MYDOMAIN.com", so it tries the default host, which is "localhost". In order to do that, we need a symlink from /etc/wazo-admin-ui/conf.d/something.yml to custom-certificate.yml, then restart wazo-admin-ui with systemctl restart wazo-admin-ui.

In the docs, the code that does this is the little "for" loop at the end... but since wazo-admin-ui did not exist at the time you ran it, it could not create the symlink.

This is clearly a missing part in our docs about custom certificates, but to do this properly, we need a bit of development to generate certificate configuration dynamically...

RE: New Admin Interface - Cannot Login - Added by Zach Guithues 11 days ago

That fixed it! Thanks for the speedy response!

I would recommend integrating letsencrypt in the future. You could potentially have a script that sets (or changes) the hostname, then proceeds to collect a letsencrypt cert and setup auto renewal.

(1-2/2)