bosh ssh authentication problem with bosh director - 401 not authorized?


Rafal Radecki
 

Hi All :)

I am currently investigating a problem on one of my development environments.
I have deployed CF through microbosh. I had access to bosh cli and could use bosh ssh with no problem. Yesterday it stopped working and I suspect that someone changed the way bosh cli authenticates with the bosh director on microbosh vm.

When I invoke bosh ssh I get:

ubuntu@ip-10-10-0-67:~/workspace/deployments/microbosh$ bosh ssh

[WARNING] Loading the cli took 21.6 seconds, consider cleaning your gem environment
"""
1. data/0
2. backbone_z1/0
3. runner_z1/0
4. runner_z1/1
5. runner_z1/2
6. runner_z1/3
7. public_haproxy_z1/0
8. private_haproxy_z1/0
9. api_z1/0
10. health_z1/0
11. services_z1/0
12. acceptance_tests_runner/0
13. smoke_tests_runner/0
Choose an instance: 1
Acting as user 'admin' on deployment 'cf-aws-tiny' on 'bosh-vpc-aba3f6ce'
Enter password (use it to sudo on remote host): ********
Target deployment is `cf-aws-tiny'

Setting up ssh artifacts
HTTP 401: Not authorized
"""

I can see on the microbosh machine that the request goes through nginx which listens on TCP 25555 and then it is forwarded to "ruby /var/vcap/packages/director/bin/bosh-director -c /var/vcap/jobs/director/config/director.yml" process which listens on TCP 25556. In nginx logs (/var/vcap/data/sys/log/director/director.stderr.log) I get:

"""
10.10.0.67 - - [08/Jan/2016:20:30:44 +0000] "POST /deployments/cf-aws-tiny/ssh HTTP/1.0" 401 15 0.6529
127.0.0.1 - - [08/Jan/2016:20:31:38 +0000] "GET /deployments HTTP/1.0" 401 15 0.6245
"""

And in the ruby process' logfile (/var/vcap/sys/log/director/director.debug.log from /var/vcap/jobs/director/config/director.yml):

"""
D, [2016-01-08 20:34:38 #6980] [] DEBUG -- Director: (0.000121s) SELECT NULL
D, [2016-01-08 20:34:38 #6980] [] DEBUG -- Director: (0.000104s) SELECT NULL
D, [2016-01-08 20:34:38 #6980] [] DEBUG -- Director: (0.000194s) SELECT * FROM "users" WHERE ("username" = 'admin') LIMIT 1
"""

In /info endpoint:

"""
wget -nv http://127.0.0.1:25556/info -O - 2>&1
{"name":"bosh-vpc-aba3f6ce","uuid":"fd5dbdc5-9533-4497-84e9-69579185524a","version":"1.2989.0 (00000000)","user":null,"cpi":"aws","user_authentication":{"type":"basic","options":{}},"features":{"dns":{"status":true,"extras":{"domain_name":"microbosh"}},"compiled_package_cache":{"status":false,"extras":{"provider":null}},"snapshots":{"status":false}}}2016-01-08 20:35:55 URL:http://127.0.0.1:25556/info [352/352] -> "-" [1]
"""

I see that basic auth is used and I also got information that someone has recreated the 'admin' user through bosh with a new password (<lol> :D). I cannot now log in with bosh login; bosh status gives:

"""
ubuntu@ip-10-10-0-67:~/workspace/deployments/microbosh$ bosh status

[WARNING] Loading the cli took 21.7 seconds, consider cleaning your gem environment

Config
/home/ubuntu/.bosh_config

Director
Name bosh-vpc-xxx
URL https://10.10.1.4:25555
Version 1.2989.0 (00000000)
User not logged in
UUID ...
CPI aws
dns enabled (domain_name: microbosh)
compiled_package_cache disabled
snapshots disabled

Deployment
Manifest /home/ubuntu/workspace/deployments/cf-boshworkspace/.deployments/cf-aws-tiny.yml
"""

Is there a way to restore the password for admin user or create a new user for bosh login? Or maybe something else should be done?

BR,
Rafal.


Dmitriy Kalinin
 

Check out bosh.io/docs/director-users.html.

If you lost your password to the director, you can set preconfigured users and run bosh-init to update the director.

bosh ssh didn't change the way it works to auth.

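The preconfigured-users configuration the reply refers to, as an added example that is not part of the original thread. The property names follow the director-users documentation linked in the reply; the job name `bosh`, the user names and the password placeholders are assumptions, and the director release being deployed must support `director.user_management`.

```yaml
# Fragment of the bosh-init deployment manifest for the director VM.
# Added example: job name and credentials below are placeholders.
jobs:
- name: bosh                     # assumed job name
  properties:
    director:
      user_management:
        provider: local          # local users, authenticated with HTTP basic auth
        local:
          users:                 # changing this list requires redeploying the director
          - {name: admin, password: REPLACE_WITH_NEW_ADMIN_PASSWORD}
          - {name: hm, password: REPLACE_WITH_HM_PASSWORD}
    hm:
      # The health monitor also logs in to the director; its account
      # must match one of the users listed above.
      director_account: {user: hm, password: REPLACE_WITH_HM_PASSWORD}
```

Apply it with `bosh-init deploy` against the director's manifest, then run `bosh login` with the new admin credentials. Keep the manifest out of shared version control or inject the passwords at deploy time, since it now holds the director's credentials in clear text.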