On Sat, 20 Jul 2019, 22:22 Michael E., <[email protected]> wrote:
> > Hi Awasum, Thanks for your response. Since my original email I have done > some more investigation and found the source of the issue, at least in my > case. The error in my original email (invalid system token) was appearing > when using this docker setup: > https://github.com/openMF/fineract-cn-containers . I also found a more > recent version of this setup which uses a different module to generate the > RSA keypair: https://github.com/Anh3h/fineract-cn-containers/tree/develop . > Unfortunately this version didn't work either. > > I investigated the source of the error and found that it occured when > assigning the identity service to a tenant through the provisioner. During > this process the provisioner calls the /initialize endpoint of identity, > which is authenticated by a system key (issued by provisioner). The issue > was identity wouldn't accept this key. > > The key was not accepted because the docker image for the provisioner used > in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a modified > version of provisioner that generates it's own RSA keypair, instead of > using the one provided by environment vairables. The differing keys caused > identity to not accept the system token created by provisioner. I'm not > sure exaclty why this image was used. I built a new image which runs the > latest provisioner from artifactory, and the provisioning process was able > to continue. There are a few more issues with the provisioning script in > fineract-cn-containers, which I was able to fix. I am currently in the > process of creating a new docker-compose configuration, which I might be > able to share if anyone is interested. > I'm sure PRs for this would be welcome! As for the demo server, I didn't investigate the issue I was having with it > much further, I find a docker configuration much easier to run, > particularly when I can't run the demo server locally anyway since my > computer lacks the resources to do so. > > If anyone has any questions about this let me know, I spent almost a week > trying to get this to work so I'd like to make sure nobody else has to > repeat my work. > Again, IMHO the best, because it's the most "durable" (much more than e.g. emails), is PRs which improve scripts, README etc. Michael. > > On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <[email protected]> wrote: > >> >> >> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <[email protected]> >> wrote: >> >>> Hello, >>> >>> Over the past few days I've been trying to setup a Fineract-CN instance >>> I can test with. Since my machine doesn't have enough RAM I tried deploying >>> in Google Cloud Compute. >>> >>> Initially I followed this tutorial: >>> >>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN >>> >>> >>> I got through everything and got demo-server working, but only in >>> lite-mode. Since I wanted to try out the rest of the services I tried >>> running the full version. After making sure I had enough RAM I tried the >>> full version and kept running into failures during provisioning. I think I >>> have it narrowed down to this error: >>> >> >> Can you provide your full logs. >> >>> >>> 12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter >>> - Responding with a service error ServiceError{code=409, message='The given >>> identity instance didnt recognize the system token as valid. Perhaps the >>> system keys for the provisioner or for the identity manager are >>> misconfigured?'} >>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given >>> identity instance didn't recognize the system token as valid. >>> org.apache.fineract.cn.api.util.InvalidTokenException: >>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access >>> Denied","path":"/identity/v1/initialize"} >>> >> >> Is everyone facing this error? I dont know whats goint wrong here? let me >> run and see whats the problem.... >> >>> >>> Since I couldn't figure out how to fix it, I decided to try running >>> using this docker-compose setup: >>> https://github.com/openMF/fineract-cn-containers >>> >>> Unfortunately, during provisioning the exact same failure occurs. I >>> tried provisioning using the supplied script and manually sending the >>> requests via postman with a configuration I found here: >>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman >>> >>> As far as I can tell, the error occurs when assigning an identity >>> service to the new tenant, but I may be wrong as I just got into this >>> project and don't really understand the provisioning process. >>> >>> I did find two previous threads discussing this issue but none of them >>> seem to reach a solution: >>> >>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E >>> >>> >>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E >>> >>> >>> Any help would be greatly appreciated. >>> Michael. >>> >> > > -- > מיכאל אלגאוי michael elgavi <[email protected]> >
