Dinuka
I saw a couple of issues but I believe that below is the closest issue
from your logs
2020-04-09 00:00:39,326 [pool-79-thread-1] ERROR o.a.a.s.s.KeyCloakSecurityManager Error occurred while checking if user: default-admin is authorized for action: /airavata/getGatewayGroups in gateway: default []
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:171)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
    at org.apache.airavata.service.security.KeyCloakSecurityManager.getFromUrl(KeyCloakSecurityManager.java:394)
    at org.apache.airavata.service.security.KeyCloakSecurityManager.getUserInfo(KeyCloakSecurityManager.java:318)
    at org.apache.airavata.service.security.KeyCloakSecurityManager.validateToken(KeyCloakSecurityManager.java:350)
    at org.apache.airavata.service.security.KeyCloakSecurityManager.getGatewayGroupMembership(KeyCloakSecurityManager.java:331)
    at org.apache.airavata.service.security.KeyCloakSecurityManager.isUserAuthorized(KeyCloakSecurityManager.java:253)
    at org.apache.airavata.service.security.interceptor.SecurityInterceptor.authorize(SecurityInterceptor.java:67)
    at org.apache.airavata.service.security.interceptor.SecurityInterceptor.invoke(SecurityInterceptor.java:52)
    at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75)
    at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
    at org.apache.airavata.api.server.handler.AiravataServerHandler$$EnhancerByGuice$$11b56453.getGatewayGroups(<generated>)
    at org.apache.airavata.api.Airavata$Processor$getGatewayGroups.getResult(Airavata.java:23303)
    at org.apache.airavata.api.Airavata$Processor$getGatewayGroups.getResult(Airavata.java:23287)
    at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
    at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
This happens because the self-signed SSL keys/certificates [1] for Keycloak are
valid till 02/2020. We need to update them.
@Marcus, @Isuru
I will regenerate them for now but in the long run we need to generate them
automatically when the docker compose is executed. Probably via another
container instance. However I'm not sure why it's even working at least for
30 minutes. It should have failed from the very first call to Keycloak.
For my setup, it doesn't even fail after 30 minutes.
Owner: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
Issuer: CN=airavata.host, OU=airavata.host, O=airavata.host, L=airavata.host, ST=airavata.host, C=airavata.host
Serial number: 4a9e5bf1
*Valid from: Fri Feb 22 08:50:43 EST 2019 until: Mon Feb 17 08:50:43 EST 2020*
Certificate fingerprints:
SHA1: 7C:2B:7C:39:BB:C5:9E:69:7E:B5:8D:4E:E7:9C:44:05:6D:5E:7A:95
SHA256: F3:A1:53:31:05:1D:F0:E2:2B:55:95:44:3F:6E:AB:AE:75:65:9F:8D:C1:8F:0D:4A:AF:AE:4C:80:BA:45:00:1F
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
[1]
https://github.com/apache/airavata/tree/master/modules/ide-integration/src/main/resources/keystores
Thanks
Dimuthu
On Thu, Apr 9, 2020 at 8:20 PM Dinuka Desilva <[email protected]>
wrote:
> Hi Dimuthu,
>
> Please find them below.
>
> settings_local.py
> <https://drive.google.com/file/d/1SAxdZpzptjTAJTkfzMcnq99SCjjQTpWm/view?usp=drive_web>
>
> Screenshot 2020-04-03 at 4.03.25 PM.png
> <https://drive.google.com/file/d/1AKf_44WB2cFRfPKNqot8dvH6PISg8Itm/view?usp=drive_web>
> Regards,
> Dinuka
>
> On Fri, Apr 10, 2020 at 5:00 AM DImuthu Upeksha <
> [email protected]> wrote:
>
>> Hi Dinuka,
>>
>> Can you please resend the screenshot you have sent before? I guess apache
>> mail server drops attachments for some reason. Can you upload it to drive
>> or dropbox and share the link?
>>
>> Thanks
>> Dimuthu
>>
>> On Thu, Apr 9, 2020 at 11:27 AM Dinuka Desilva <[email protected]>
>> wrote:
>>
>>> Hi Dimuthu,
>>>
>>> I'm using the "develop" branch on both repos. (airavata and
>>> airavata-django-portal)
>>>
>>> Regards,
>>> Dinuka
>>>
>>> On Thu, Apr 9, 2020 at 2:15 PM DImuthu Upeksha <
>>> [email protected]> wrote:
>>>
>>>> Dinuka,
>>>>
>>>> What is the branch you are using?
>>>>
>>>> Dimuthu
>>>>
>>>> On Wed, Apr 8, 2020 at 2:45 PM Dinuka Desilva <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Let me upload the logs of docker-compose, airavata-server and
>>>>> airavata-django-portal below. I've been actually having this issue
>>>>> continuously and not once in a while. Most of the time after every 20-15
>>>>> minutes, I had to recreate everything. Sometimes even the first attempt ends
>>>>> up with this issue.
>>>>>
>>>>> Regards,
>>>>> Dinuka
>>>>>
>>>>> On Wed, Apr 8, 2020 at 3:06 AM Christie, Marcus Aaron <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> I've seen this problem too. Are there any errors in the
>>>>>> 'docker-compose up' output?
>>>>>>
>>>>>> On Apr 5, 2020, at 9:55 PM, Isuru Ranawaka <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Apr 5, 2020 at 8:59 PM Suresh Marru <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Isuru,
>>>>>>>
>>>>>>> I wonder if it is related to renew tokens? Any insights?
>>>>>>>
>>>>>>
>>>>>> There is a chance. But, AFAIK the server caches authorization
>>>>>> decisions for at least one hour through auth cache (by default this is
>>>>>> enabled). So it is unlikely that the server may try to renew tokens
>>>>>> before that time. Breaking in 30 minutes interval is weird. Anyhow,
>>>>>> there is a probability of this occurring if the server is unable to
>>>>>> access the sharing registry.
>>>>>> Hence, I think it is better to check whether DB connections and IAM server
>>>>>> connections are correctly established.
>>>>>>
>>>>>> Are there any error logs on the server side?
>>>>>>
>>>>>> thanks
>>>>>> Isuru
>>>>>>
>>>>>>>
>>>>>>> Suresh
>>>>>>>
>>>>>>> On Apr 3, 2020, at 6:48 AM, Dinuka Desilva <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I got the airavata and airavata-django-portal running on localhost by
>>>>>>> executing the following scripts on 4 terminals one after the other.
>>>>>>>
>>>>>>> 1. docker-compose down && rm -rf database_data/ && docker-compose up
>>>>>>> 2. mvn exec:java -Dexec.mainClass="org.apache.airavata.ide.integration.APIServerStarter"
>>>>>>> 3. . ./build_js.sh
>>>>>>> 4. source ./venv/bin/activate && rm -rf ./tmp/ && rm -rf db.sqlite3 && python manage.py migrate && python manage.py load_default_gateway && python manage.py runserver
>>>>>>>
>>>>>>>
>>>>>>> With this I could access the localhost server at
>>>>>>> http://localhost:8000. But it worked only for less than half an hour
>>>>>>> and then it ended up with the following error. It has the logged
>>>>>>> in user though an error occurred.
>>>>>>>
>>>>>>> <Screenshot 2020-04-03 at 4.03.25 PM.png>
>>>>>>>
>>>>>>> Neither restarting the servers nor clearing the cache solved this
>>>>>>> issue. And I had to execute the above four scripts again, which recreates the
>>>>>>> database. For kind of each 20-30 minutes, I had to do this. I'm doubtful
>>>>>>> whether I'm doing anything wrong.
>>>>>>>
>>>>>>> Also, below I have attached the settings_local.py.
>>>>>>>
>>>>>>> Thanks & Regards,
>>>>>>> Dinuka
>>>>>>> <settings_local.py>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Research Software Engineer
>>>>>> Indiana University, IN
>>>>>>
>>>>>>
>>>>>>
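
The diagnosis at the top of this thread rests on reading the "Valid from ... until ..." line of the keystore listing. As an added example (not code from the thread or from Airavata), the following Python parses text in the `keytool -list -v` layout and classifies each certificate by validity, so an expired development keystore is caught before it surfaces as a PKIX handshake failure. The alias in the sample is hypothetical, and the zone abbreviation is ignored, so results are accurate to within a day.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in `keytool -list -v` layout. The alias is hypothetical;
# the owner and validity dates are the ones quoted in the thread.
SAMPLE = """\
Alias name: keycloak-example
Owner: CN=airavata.host, OU=airavata.host, O=airavata.host
Issuer: CN=airavata.host, OU=airavata.host, O=airavata.host
Valid from: Fri Feb 22 08:50:43 EST 2019 until: Mon Feb 17 08:50:43 EST 2020
"""

ALIAS_RE = re.compile(r"Alias name:\s*(.+)")
VALID_RE = re.compile(r"Valid from:\s*(.+?)\s+until:\s*(.+)")


def parse_java_date(text):
    """Parse Java's Date.toString() form, e.g. 'Mon Feb 17 08:50:43 EST 2020'.
    strptime's %Z rejects most zone abbreviations, so the zone token is
    dropped and the result is a naive datetime, accurate to within a day.
    """
    parts = text.split()
    if len(parts) != 6:
        raise ValueError(f"unexpected date format: {text!r}")
    _dow, mon, day, clock, _zone, year = parts
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")


def check_validity(keytool_output, now, warn_days=30):
    """Return [(alias, not_after, status)] for each certificate found."""
    # Mail clients wrap long lines: rejoin a year pushed onto its own line.
    text = re.sub(r"\n(\d{4}\*?)[ \t]*$", r" \1", keytool_output, flags=re.M)
    results, alias = [], "(unknown)"
    for line in text.splitlines():
        line = line.strip().strip("*")  # drop mail-client bold markers
        if m := ALIAS_RE.match(line):
            alias = m.group(1).strip()
        elif m := VALID_RE.match(line):
            not_before, not_after = map(parse_java_date, m.groups())
            if now < not_before:
                status = "not-yet-valid"
            elif now >= not_after:
                status = "expired"
            elif now + timedelta(days=warn_days) >= not_after:
                status = "expiring"
            else:
                status = "ok"
            results.append((alias, not_after, status))
    return results
```

Calling `check_validity(SAMPLE, datetime(2020, 4, 9))` uses the date of the logged error and reports the certificate as expired.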