I could submit a PR once I have it all working, just not sure what repo to submit to. fineract-cn-containers is still on the Mifos GitHub account when I was under the impression everything was moved to Apache.
On Sat, Jul 20, 2019, 11:32 PM Michael Vorburger <[email protected]> wrote: > On Sat, 20 Jul 2019, 22:22 Michael E., <[email protected]> wrote: > >> >> Hi Awasum, Thanks for your response. Since my original email I have done >> some more investigation and found the source of the issue, at least in my >> case. The error in my original email (invalid system token) was appearing >> when using this docker setup: >> https://github.com/openMF/fineract-cn-containers . I also found a more >> recent version of this setup which uses a different module to generate the >> RSA keypair: >> https://github.com/Anh3h/fineract-cn-containers/tree/develop . >> Unfortunately this version didn't work either. >> >> I investigated the source of the error and found that it occured when >> assigning the identity service to a tenant through the provisioner. During >> this process the provisioner calls the /initialize endpoint of identity, >> which is authenticated by a system key (issued by provisioner). The issue >> was identity wouldn't accept this key. >> >> The key was not accepted because the docker image for the provisioner >> used in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a >> modified version of provisioner that generates it's own RSA keypair, >> instead of using the one provided by environment vairables. The differing >> keys caused identity to not accept the system token created by provisioner. >> I'm not sure exaclty why this image was used. I built a new image which >> runs the latest provisioner from artifactory, and the provisioning process >> was able to continue. There are a few more issues with the provisioning >> script in fineract-cn-containers, which I was able to fix. I am currently >> in the process of creating a new docker-compose configuration, which I >> might be able to share if anyone is interested. >> > > I'm sure PRs for this would be welcome! > > As for the demo server, I didn't investigate the issue I was having with >> it much further, I find a docker configuration much easier to run, >> particularly when I can't run the demo server locally anyway since my >> computer lacks the resources to do so. >> >> If anyone has any questions about this let me know, I spent almost a week >> trying to get this to work so I'd like to make sure nobody else has to >> repeat my work. >> > > Again, IMHO the best, because it's the most "durable" (much more than e.g. > emails), is PRs which improve scripts, README etc. > > Michael. >> >> On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <[email protected]> wrote: >> >>> >>> >>> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <[email protected]> >>> wrote: >>> >>>> Hello, >>>> >>>> Over the past few days I've been trying to setup a Fineract-CN instance >>>> I can test with. Since my machine doesn't have enough RAM I tried deploying >>>> in Google Cloud Compute. >>>> >>>> Initially I followed this tutorial: >>>> >>>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN >>>> >>>> >>>> I got through everything and got demo-server working, but only in >>>> lite-mode. Since I wanted to try out the rest of the services I tried >>>> running the full version. After making sure I had enough RAM I tried the >>>> full version and kept running into failures during provisioning. I think I >>>> have it narrowed down to this error: >>>> >>> >>> Can you provide your full logs. >>> >>>> >>>> 12:19:29.115 [qtp1825419935-15] INFO >>>> o.a.f.c.l.c.ServiceExceptionFilter - Responding with a service error >>>> ServiceError{code=409, message='The given identity instance didnt recognize >>>> the system token as valid. Perhaps the system keys for the provisioner or >>>> for the identity manager are misconfigured?'} >>>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given >>>> identity instance didn't recognize the system token as valid. >>>> org.apache.fineract.cn.api.util.InvalidTokenException: >>>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access >>>> Denied","path":"/identity/v1/initialize"} >>>> >>> >>> Is everyone facing this error? I dont know whats goint wrong here? let >>> me run and see whats the problem.... >>> >>>> >>>> Since I couldn't figure out how to fix it, I decided to try running >>>> using this docker-compose setup: >>>> https://github.com/openMF/fineract-cn-containers >>>> >>>> Unfortunately, during provisioning the exact same failure occurs. I >>>> tried provisioning using the supplied script and manually sending the >>>> requests via postman with a configuration I found here: >>>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman >>>> >>>> As far as I can tell, the error occurs when assigning an identity >>>> service to the new tenant, but I may be wrong as I just got into this >>>> project and don't really understand the provisioning process. >>>> >>>> I did find two previous threads discussing this issue but none of them >>>> seem to reach a solution: >>>> >>>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E >>>> >>>> >>>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E >>>> >>>> >>>> Any help would be greatly appreciated. >>>> Michael. >>>> >>> >> >> -- >> מיכאל אלגאוי michael elgavi <[email protected]> >> >
