Dinuka,

I uploaded new certificates for the ide integration module. You have to do a full cleanup of docker containers and restart APIServer to make it fully functional.

docker-compose down
docker-compose rm
rm -rf database_data
docker-compose up

Here [2] are the commands to generate the self-signed certificate in case we need it in future.

[2] https://github.com/apache/airavata/tree/develop/modules/ide-integration#note-optional-creating-certificates-if-expired

Thanks
Dimuthu

On Thu, Apr 9, 2020 at 9:26 PM DImuthu Upeksha <dimuthu.upeks...@gmail.com> wrote:

> Dinuka
>
> I saw a couple of issues but I believe that below is the closest issue from your logs
>
> 2020-04-09 00:00:39,326 [pool-79-thread-1] ERROR o.a.a.s.s.KeyCloakSecurityManager Error occurred while checking if user: default-admin is authorized for action: /airavata/getGatewayGroups in gateway: default []
> javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
>     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
>     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
>     at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
>     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
>     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
>     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
>     at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
>     at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
>     at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
>     at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
>     at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
>     at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
>     at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:171)
>     at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
>     at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
>     at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
>     at org.apache.airavata.service.security.KeyCloakSecurityManager.getFromUrl(KeyCloakSecurityManager.java:394)
>     at org.apache.airavata.service.security.KeyCloakSecurityManager.getUserInfo(KeyCloakSecurityManager.java:318)
>     at org.apache.airavata.service.security.KeyCloakSecurityManager.validateToken(KeyCloakSecurityManager.java:350)
>     at org.apache.airavata.service.security.KeyCloakSecurityManager.getGatewayGroupMembership(KeyCloakSecurityManager.java:331)
>     at org.apache.airavata.service.security.KeyCloakSecurityManager.isUserAuthorized(KeyCloakSecurityManager.java:253)
>     at org.apache.airavata.service.security.interceptor.SecurityInterceptor.authorize(SecurityInterceptor.java:67)
>     at org.apache.airavata.service.security.interceptor.SecurityInterceptor.invoke(SecurityInterceptor.java:52)
>     at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75)
>     at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
>     at org.apache.airavata.api.server.handler.AiravataServerHandler$$EnhancerByGuice$$11b56453.getGatewayGroups(<generated>)
>     at org.apache.airavata.api.Airavata$Processor$getGatewayGroups.getResult(Airavata.java:23303)
>     at org.apache.airavata.api.Airavata$Processor$getGatewayGroups.getResult(Airavata.java:23287)
>     at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>     at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>     at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>     at java.base/java.lang.Thread.run(Thread.java:830)
>
> This happens because self signed ssl keys/certificates [1] for keycloak are valid till 02/2020. We need to update them.
>
> @Marcus, @Isuru
>
> I will regenerate them for now but in the long run we need to generate them automatically when the docker compose is executed. Probably via another container instance. However I'm not sure why it's even working at least for 30 minutes. It should have failed from the very first call to the Keycloak. For my setup, it doesn't even fail after 30 minutes.
>
> Owner: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
> Issuer: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
> Serial number: 4a9e5bf1
> *Valid from: Fri Feb 22 08:50:43 EST 2019 until: Mon Feb 17 08:50:43 EST 2020*
> Certificate fingerprints:
>     SHA1: 7C:2B:7C:39:BB:C5:9E:69:7E:B5:8D:4E:E7:9C:44:05:6D:5E:7A:95
>     SHA256: F3:A1:53:31:05:1D:F0:E2:2B:55:95:44:3F:6E:AB:AE:75:65:9F:8D:C1:8F:0D:4A:AF:AE:4C:80:BA:45:00:1F
> Signature algorithm name: SHA256withRSA
> Subject Public Key Algorithm: 2048-bit RSA key
>
> [1] https://github.com/apache/airavata/tree/master/modules/ide-integration/src/main/resources/keystores
>
> Thanks
> Dimuthu
>
> On Thu, Apr 9, 2020 at 8:20 PM Dinuka Desilva <l.dinukadesi...@gmail.com> wrote:
>
>> Hi Dimuthu,
>>
>> Please find them below.
>>
>> settings_local.py
>> <https://drive.google.com/file/d/1SAxdZpzptjTAJTkfzMcnq99SCjjQTpWm/view?usp=drive_web>
>>
>> Screenshot 2020-04-03 at 4.03.25 PM.png
>> <https://drive.google.com/file/d/1AKf_44WB2cFRfPKNqot8dvH6PISg8Itm/view?usp=drive_web>
>>
>> Regards,
>> Dinuka
>>
>> On Fri, Apr 10, 2020 at 5:00 AM DImuthu Upeksha <dimuthu.upeks...@gmail.com> wrote:
>>
>>> Hi Dinuka,
>>>
>>> Can you please resend the screenshot you have sent before? I guess apache mail server drops attachments for some reason. Can you upload it to drive or dropbox and share the link?
>>>
>>> Thanks
>>> Dimuthu
>>>
>>> On Thu, Apr 9, 2020 at 11:27 AM Dinuka Desilva <l.dinukadesi...@gmail.com> wrote:
>>>
>>>> Hi Dimuthu,
>>>>
>>>> I'm using the "develop" branch on both repos. (airavata and airavata-django-portal)
>>>>
>>>> Regards,
>>>> Dinuka
>>>>
>>>> On Thu, Apr 9, 2020 at 2:15 PM DImuthu Upeksha <dimuthu.upeks...@gmail.com> wrote:
>>>>
>>>>> Dinuka,
>>>>>
>>>>> What is the branch you are using?
>>>>>
>>>>> Dimuthu
>>>>>
>>>>> On Wed, Apr 8, 2020 at 2:45 PM Dinuka Desilva <l.dinukadesi...@gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Let me upload the logs of docker-compose, airavata-server and airavata-django-portal below. I've been actually having this issue continuously and not once in a while. Most of the time after every 20-15 minutes, I had to recreate everything. Sometimes even the first attempt ends up with this issue.
>>>>>>
>>>>>> Regards,
>>>>>> Dinuka
>>>>>>
>>>>>> On Wed, Apr 8, 2020 at 3:06 AM Christie, Marcus Aaron <machr...@iu.edu> wrote:
>>>>>>
>>>>>>> I've seen this problem too. Are there any errors in the 'docker-compose up' output?
>>>>>>>
>>>>>>> On Apr 5, 2020, at 9:55 PM, Isuru Ranawaka <irjan...@gmail.com> wrote:
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> On Sun, Apr 5, 2020 at 8:59 PM Suresh Marru <sma...@apache.org> wrote:
>>>>>>>
>>>>>>>> Hi Isuru,
>>>>>>>>
>>>>>>>> I wonder if it is related to renew tokens? Any insights?
>>>>>>>>
>>>>>>>
>>>>>>> There is a chance. But, AFAIK the server caches authorization decisions for at least one hour through auth cache (by default this is enabled). So it is unlikely that the server may try to renew tokens before that time. Breaking in 30 minutes interval is weird. Anyhow, there is a probability of this occurring if the server is unable to access sharing registry. Hence, I think better to check whether DB connections and IAM server connections are correctly established.
>>>>>>>
>>>>>>> Are there any error logs on the server side?
>>>>>>>
>>>>>>> thanks
>>>>>>> Isuru
>>>>>>>
>>>>>>>>
>>>>>>>> Suresh
>>>>>>>>
>>>>>>>> On Apr 3, 2020, at 6:48 AM, Dinuka Desilva <l.dinukadesi...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I got the airavata and airavata-django-portal running on localhost by executing the following scripts on 4 terminals one after the other.
>>>>>>>>
>>>>>>>> 1. docker-compose down && rm -rf database_data/ && docker-compose up
>>>>>>>> 2. mvn exec:java -Dexec.mainClass="org.apache.airavata.ide.integration.APIServerStarter"
>>>>>>>> 3. . ./build_js.sh
>>>>>>>> 4. source ./venv/bin/activate && rm -rf ./tmp/ && rm -rf db.sqlite3 && python manage.py migrate && python manage.py load_default_gateway && python manage.py runserver
>>>>>>>>
>>>>>>>> With this I could access the localhost server at http://localhost:8000. But, only for less than half an hour it worked and then it ended up with the following error. It has the logged in user though an error occurred.
>>>>>>>>
>>>>>>>> <Screenshot 2020-04-03 at 4.03.25 PM.png>
>>>>>>>>
>>>>>>>> Neither restarting the servers nor clearing cache solved this issue. And I had to execute above four scripts again which recreates the database. For kind of each 20-30 minutes, I had to do this. I'm doubtful whether I'm doing anything wrong.
>>>>>>>>
>>>>>>>> Also, below I have attached the settings_local.py.
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>> Dinuka
>>>>>>>> <settings_local.py>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Research Software Engineer
>>>>>>> Indiana University, IN
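
Added example, not part of the original thread or of the Airavata code base: a small check that reads `keytool -list -v` output like the block quoted above and flags certificates that are expired or close to expiry, so a stale dev keystore is caught before it shows up as a PKIX handshake failure. The function names and the 30-day warning window are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the `keytool -list -v` fields quoted in the thread above.
SAMPLE = """\
Owner: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
Issuer: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
Serial number: 4a9e5bf1
Valid from: Fri Feb 22 08:50:43 EST 2019 until: Mon Feb 17 08:50:43 EST 2020
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
VALIDITY = re.compile(r"Valid from: (.+?) until: (.+)$")


def parse_keytool_date(text):
    """Parse 'Mon Feb 17 08:50:43 EST 2020' without locale-dependent strptime.
    Assumption: the zone abbreviation is ignored; hours do not matter here."""
    _dow, month, day, clock, _zone, year = text.split()
    hour, minute, second = (int(part) for part in clock.split(":"))
    return datetime(int(year), MONTHS.index(month) + 1, int(day), hour, minute, second)


def check_certs(keytool_output, now, warn_days=30):
    """Return one dict per certificate: owner, validity window, status."""
    results, owner, issuer = [], None, None
    for raw in keytool_output.splitlines():
        line = raw.strip().strip("*").strip()  # tolerate mail-client *bold* markers
        if line.startswith("Owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("Issuer:"):
            issuer = line.split(":", 1)[1].strip()
        match = VALIDITY.match(line)
        if not match:
            continue
        start, end = (parse_keytool_date(group) for group in match.groups())
        if now < start:
            status = "NOT_YET_VALID"
        elif now > end:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        results.append({"owner": owner, "self_signed": owner == issuer,
                        "valid_from": start, "valid_until": end, "status": status})
    return results


if __name__ == "__main__":
    for cert in check_certs(SAMPLE, now=datetime(2020, 4, 9)):
        print(cert["status"], cert["valid_until"], cert["owner"])
```

Pass `datetime.now()` as `now` when running it against real keytool output, for example before `docker-compose up`.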