After three installs of puppet enterprise, I still am unable to login, check logs, authentication failed. What now?

asked 2015-05-21 15:43:56 -0500

pacneil
1 ●1 ●3 ●2

updated 2015-05-21 17:38:57 -0500

csharpsteen
561 ●5 ●13

I have installed puppet enterprise into a test server in our private cloud, three times. Not once have I been able to login through the web interface. I found instructions to to do the following to create a new users.

/opt/puppet/bin/bundle exec /opt/puppet/bin/rake -f /opt/puppet/share/console-auth/Rakefile db:create_user LOGIN=mylogin EMAIL="myemail@somewhere.private" PASSWORD="mysecret password" DISPLAYNAME="Secret Displayname" ROLEIDS="1,2,3" --trace
** Invoke db:create_user (first_time)
** Execute db:create_user
This Rake task is deprecated in favor of a REST API (DOCS URL GOES HERE!!!!) and will be removed in a future version of Puppet Enterprise

Same error in logs.

# tail -f /var/log//pe-console-services/console-services.log
2015-05-21 13:42:21,358 WARN  [p.r.utils] Authentication failed.

edit retag flag offensive close merge delete

add a comment

answered 2015-05-21 18:28:23 -0500

csharpsteen
561 ●5 ●13

updated 2015-05-22 18:19:03 -0500

Starting with Puppet Enterprise 3.7, the console-auth database no longer controls user logins as this functionality has moved to the new RBAC system. The console-auth Rakefile is still included in the installation packages so that the PE upgrader can migrate users from old databases into the new RBAC system.

To create new users in PE 3.7 and above, use the RBAC REST API:

curl -i -X POST -H 'Content-Type: application/json' \
  --data '{"login": "mylogin", "email": "myemail@somewhere.private", "display_name": "Secret Displayname", "role_ids": [1,2,3]}' \
  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
  --cert /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.cert.pem \
  --key /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.private_key.pem \
  https://$(hostname -f):4433/rbac-api/v1/users

The response header will return the UUID of the newly created user in the Location field:

HTTP/1.1 303 See Other
Date: Thu, 21 May 2015 23:25:44 GMT
Location: /rbac-api/v1/users/a1a5ce87-74e9-4e3f-a7c2-9dc5d191f82a
Vary: Accept
Content-Type: application/json;charset=ISO-8859-1
Content-Length: 0
Server: Jetty(9.1.z-SNAPSHOT)

The UUID can be used to set a password using the password API.

edit flag offensive delete link

Comments

fail: HTTP/1.1 409 Conflict Date: Fri, 22 May 2015 18:48:51 GMT Content-Type: application/json Content-Length: 74 Server: Jetty(9.2.z-SNAPSHOT) {"msg":"There was a database conflict.","kind":"puppetlabs.rbac/conflict"}

pacneil ( 2015-05-22 13:55:45 -0500 )edit

Uninstalled again, and reinstalled. Re-ran the curl command and this time it succeeded. It's not clear how I'm supposed to set a password, when I can't even log into the web interface. That is the problem I'm trying to solve. This didn't.

pacneil ( 2015-05-22 14:27:27 -0500 )edit

I have q_puppet_enterpriseconsole_auth_password but not q_puppet_enterpriseconsole_auth_user or whatever the user for the console is supposed to be. I still can't login to the web page, created after install. Set a new user, no password. Set a password for a user I have no idea what user name.

pacneil ( 2015-05-22 14:34:52 -0500 )edit

Ah! The q_puppet_enterpriseconsole_auth_password set during installation is for the `admin` user. You should be able to log in using that account after installation and use it to configure other accounts.

csharpsteen ( 2015-05-22 15:18:21 -0500 )edit

I swear, I tried that several times. Finally I can log into the web page. Thanks for your help.

pacneil ( 2015-05-22 15:44:58 -0500 )edit

add a comment