Hi Micael, Thanks so much for the update. I was only able to catch up with this now. The RSA key provisioning process was updated in the Fineract CN microservices, I updated the script accordingly but I forgot to merge the new updates. I haven't been able to continue work on the code base 'cause I don't have the necessary cloud resources.
All that put aside, I would recommend you make the PR to the Mifos code-based, then the code can be migrated to apache. Best Regards, Courage. On Sat, Jul 20, 2019 at 5:19 PM Michael E. <michael.elg...@gmail.com> wrote: > I could submit a PR once I have it all working, just not sure what repo to > submit to. fineract-cn-containers is still on the Mifos GitHub account when > I was under the impression everything was moved to Apache. > > On Sat, Jul 20, 2019, 11:32 PM Michael Vorburger <m...@vorburger.ch> > wrote: > >> On Sat, 20 Jul 2019, 22:22 Michael E., <michael.elg...@gmail.com> wrote: >> >>> >>> Hi Awasum, Thanks for your response. Since my original email I have done >>> some more investigation and found the source of the issue, at least in my >>> case. The error in my original email (invalid system token) was appearing >>> when using this docker setup: >>> https://github.com/openMF/fineract-cn-containers . I also found a more >>> recent version of this setup which uses a different module to generate the >>> RSA keypair: >>> https://github.com/Anh3h/fineract-cn-containers/tree/develop . >>> Unfortunately this version didn't work either. >>> >>> I investigated the source of the error and found that it occured when >>> assigning the identity service to a tenant through the provisioner. During >>> this process the provisioner calls the /initialize endpoint of identity, >>> which is authenticated by a system key (issued by provisioner). The issue >>> was identity wouldn't accept this key. >>> >>> The key was not accepted because the docker image for the provisioner >>> used in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a >>> modified version of provisioner that generates it's own RSA keypair, >>> instead of using the one provided by environment vairables. The differing >>> keys caused identity to not accept the system token created by provisioner. >>> I'm not sure exaclty why this image was used. I built a new image which >>> runs the latest provisioner from artifactory, and the provisioning process >>> was able to continue. There are a few more issues with the provisioning >>> script in fineract-cn-containers, which I was able to fix. I am currently >>> in the process of creating a new docker-compose configuration, which I >>> might be able to share if anyone is interested. >>> >> >> I'm sure PRs for this would be welcome! >> >> As for the demo server, I didn't investigate the issue I was having with >>> it much further, I find a docker configuration much easier to run, >>> particularly when I can't run the demo server locally anyway since my >>> computer lacks the resources to do so. >>> >>> If anyone has any questions about this let me know, I spent almost a >>> week trying to get this to work so I'd like to make sure nobody else has to >>> repeat my work. >>> >> >> Again, IMHO the best, because it's the most "durable" (much more than >> e.g. emails), is PRs which improve scripts, README etc. >> >> Michael. >>> >>> On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <awa...@apache.org> >>> wrote: >>> >>>> >>>> >>>> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <michael.elg...@gmail.com> >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> Over the past few days I've been trying to setup a Fineract-CN >>>>> instance I can test with. Since my machine doesn't have enough RAM I tried >>>>> deploying in Google Cloud Compute. >>>>> >>>>> Initially I followed this tutorial: >>>>> >>>>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN >>>>> >>>>> >>>>> I got through everything and got demo-server working, but only in >>>>> lite-mode. Since I wanted to try out the rest of the services I tried >>>>> running the full version. After making sure I had enough RAM I tried the >>>>> full version and kept running into failures during provisioning. I think I >>>>> have it narrowed down to this error: >>>>> >>>> >>>> Can you provide your full logs. >>>> >>>>> >>>>> 12:19:29.115 [qtp1825419935-15] INFO >>>>> o.a.f.c.l.c.ServiceExceptionFilter - Responding with a service error >>>>> ServiceError{code=409, message='The given identity instance didnt >>>>> recognize >>>>> the system token as valid. Perhaps the system keys for the provisioner or >>>>> for the identity manager are misconfigured?'} >>>>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given >>>>> identity instance didn't recognize the system token as valid. >>>>> org.apache.fineract.cn.api.util.InvalidTokenException: >>>>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access >>>>> Denied","path":"/identity/v1/initialize"} >>>>> >>>> >>>> Is everyone facing this error? I dont know whats goint wrong here? let >>>> me run and see whats the problem.... >>>> >>>>> >>>>> Since I couldn't figure out how to fix it, I decided to try running >>>>> using this docker-compose setup: >>>>> https://github.com/openMF/fineract-cn-containers >>>>> >>>>> Unfortunately, during provisioning the exact same failure occurs. I >>>>> tried provisioning using the supplied script and manually sending the >>>>> requests via postman with a configuration I found here: >>>>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman >>>>> >>>>> As far as I can tell, the error occurs when assigning an identity >>>>> service to the new tenant, but I may be wrong as I just got into this >>>>> project and don't really understand the provisioning process. >>>>> >>>>> I did find two previous threads discussing this issue but none of them >>>>> seem to reach a solution: >>>>> >>>>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E >>>>> >>>>> >>>>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E >>>>> >>>>> >>>>> Any help would be greatly appreciated. >>>>> Michael. >>>>> >>>> >>> >>> -- >>> מיכאל אלגאוי michael elgavi <michael.elg...@gmail.com> >>> >>