adminUI login with error "HTTP Status 401 Unauthorized"

[scany1211]

1. ENV：

kubectl version：
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

sitewhere 2.1

2. all the pod status are running as below:

kafka-0                                          2/2     Running   0          45m    10.42.3.218   worker3    <none>           <none>
kafka-zookeeper-0                                2/2     Running   0          45m    10.42.3.217   worker3    <none>           <none>
sitewhere-asset-management-5cfb4c74d6-w4bd8      2/2     Running   0          29m    10.42.3.235   worker3    <none>           <none>
sitewhere-device-management-978c779f6-mcq4f      2/2     Running   0          29m    10.42.3.236   worker3    <none>           <none>
sitewhere-event-management-5567c87fbb-jsmjj      2/2     Running   0          29m    10.42.3.230   worker3    <none>           <none>
sitewhere-event-sources-7bdb4dd6dc-f4ljb         2/2     Running   1          29m    10.42.6.56    rancher3   <none>           <none>
sitewhere-inbound-processing-688869cc-frs2h      2/2     Running   0          29m    10.42.3.231   worker3    <none>           <none>
sitewhere-instance-management-7745cb87cd-ggh44   2/2     Running   0          29m    10.42.6.61    rancher3   <none>           <none>
sitewhere-mongodb-arbiter-0                      1/1     Running   0          29m    10.42.3.234   worker3    <none>           <none>
sitewhere-mongodb-primary-0                      1/1     Running   0          29m    10.42.6.59    rancher3   <none>           <none>
sitewhere-mongodb-secondary-0                    1/1     Running   1          29m    10.42.6.58    rancher3   <none>           <none>
sitewhere-mosquitto-6886b59768-fbjdp             1/1     Running   0          29m    10.42.3.228   worker3    <none>           <none>
sitewhere-outbound-connectors-5dccbfcfff-whh86   2/2     Running   0          29m    10.42.3.232   worker3    <none>           <none>
sitewhere-syncope-68474dd97c-9mxcj               1/1     Running   0          29m    10.42.6.57    rancher3   <none>           <none>
sitewhere-syncope-console-7fbfcdbf9-hzfbj        1/1     Running   0          29m    10.42.6.54    rancher3   <none>           <none>
sitewhere-syncope-enduser-56877b8875-wfgm9       1/1     Running   0          29m    10.42.6.55    rancher3   <none>           <none>
sitewhere-tenantsdb-0                            1/1     Running   0          29m    10.42.6.60    rancher3   <none>           <none>
sitewhere-warp10-0                               1/1     Running   0          29m    10.42.3.233   worker3    <none>           <none>
sitewhere-web-rest-7f6d7db47-hd49h               1/2     Running   0          113s   10.42.3.237   worker3    <none>           <none>

3. I have exposed the sitewhere web-rest svc to one NodePort svc as below:

sitewhere-asset-management-svc      ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
sitewhere-device-management-svc     ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
sitewhere-event-management-svc      ClusterIP      None            <none>        9000/TCP,9001/TCP,9090/TCP                     40m
sitewhere-event-sources-svc         ClusterIP      10.43.34.120    <none>        9001/TCP,9090/TCP                              40m
sitewhere-inbound-processing-svc    ClusterIP      10.43.109.248   <none>        9001/TCP,9090/TCP                              40m
sitewhere-instance-management-svc   ClusterIP      10.43.191.183   <none>        9000/TCP,9001/TCP,9004/TCP,9005/TCP,9090/TCP   40m
sitewhere-mongodb                   ClusterIP      10.43.199.239   <none>        27017/TCP                                      40m
sitewhere-mongodb-headless          ClusterIP      None            <none>        27017/TCP                                      40m
sitewhere-mosquitto-svc             LoadBalancer   10.43.144.116   <pending>     1883:32342/TCP                                 40m
sitewhere-outbound-connectors-svc   ClusterIP      10.43.74.36     <none>        9001/TCP,9090/TCP                              40m
sitewhere-syncope                   ClusterIP      10.43.17.126    <none>        8080/TCP                                       40m
sitewhere-syncope-console           ClusterIP      10.43.37.44     <none>        8080/TCP                                       40m
sitewhere-syncope-enduser           ClusterIP      10.43.196.217   <none>        8080/TCP                                       40m
sitewhere-tenantsdb                 ClusterIP      10.43.254.0     <none>        5432/TCP                                       40m
sitewhere-tenantsdb-headless        ClusterIP      None            <none>        5432/TCP                                       40m
sitewhere-warp10                    ClusterIP      10.43.8.215     <none>        8080/TCP,8081/TCP                              40m
sitewhere-warp10-headless           ClusterIP      None            <none>        8080/TCP,8081/TCP                              40m
sitewhere-web-rest-grpc             ClusterIP      10.43.134.179   <none>        9001/TCP,9090/TCP                              40m
sitewhere-web-rest-http             NodePort       10.43.81.154    <none>        8080:32051/TCP                                 40m

4. login the sitewhere admin UI with the node ip and port 32051, shows error "
   HTTP Status 401 Unauthorized
   Type Status Report

Message Unauthorized

Description The request has not been applied because it lacks valid authentication credentials for the target resource."

5. has checked the port in pod sitewhere-web-rest-7f6d7db47-hd49h , 8080 port is listening.

 # netstat -anp|grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1/java
tcp        0      0 127.0.0.1:41942         127.0.0.1:8080          ESTABLISHED -
tcp        0      0 127.0.0.1:8080          127.0.0.1:41942         ESTABLISHED 1/java

6. checked the sitewhere-web-rest-7f6d7db47-hd49h pod log via kubectl logs sitewhere-web-rest-7f6d7db47-hd49h -c sitewhere-web-rest, shows error as below:

2020-08-04 07:10:53.727 ERROR 1 --- [nio-8080-exec-3] c.s.w.s.SiteWhereAuthenticationProvider  : Authentication exception.

com.sitewhere.spi.microservice.ServiceNotAvailableException: The requested service is not available [UNAVAILABLE: upstream connect error or disconnect/reset before headers. reset reason: connection failure]
        at com.sitewhere.grpc.client.GrpcUtils.handleClientMethodException(GrpcUtils.java:225) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.grpc.client.user.UserManagementApiChannel.authenticate(UserManagementApiChannel.java:150) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.grpc.client.user.CachedUserManagementApiChannel.authenticate(CachedUserManagementApiChannel.java:145) ~[sitewhere-grpc-client-2.1.1.jar!/:na]
        at com.sitewhere.web.security.SiteWhereAuthenticationProvider.authenticateBasicAuth(SiteWhereAuthenticationProvider.java:86) [classes!/:na]
        at com.sitewhere.web.security.SiteWhereAuthenticationProvider.authenticate(SiteWhereAuthenticationProvider.java:58) [classes!/:na]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) [spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) [spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
@                                           

and aslo some error like below, not sure whether it's related.

2020-08-04 07:12:00.676 DEBUG 1 --- [-worker-ELG-3-2] i.g.n.NettyServerTransport.connections   : Transport failed

java.io.IOException: Connection reset by peer
        at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_212]
        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[na:1.8.0_212]
        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[na:1.8.0_212]
        at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[na:1.8.0_212]
        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[na:1.8.0_212]
        at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:288) ~[netty-buffer-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1125) ~[netty-buffer-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:347) ~[netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:148) ~[netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) [netty-transport-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-common-4.1.34.Final.jar!/:4.1.34.Final]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-common-4.1.34.Final.jar!/:4.1.34.Final]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]

Could you help to check ? Thanks

[jorgevillaverde-sitewhere]

Hi @scany1211, SiteWhere 2.x uses Istio to create a service mesh. You need to connect to Istio Ingress Gateway and not to expose web-rest service.

[scany1211]

Hi @scany1211, SiteWhere 2.x uses Istio to create a service mesh. You need to connect to Istio Ingress Gateway and not to expose web-rest service.

hi,
Thanks for your reply, but I installed the istio-gateway and try again, got the 404 error.
[root@master2 ~]# kubectl describe virtualservice sitewhere-web-rest
Name: sitewhere-web-rest
Namespace: default
Labels: io.cattle.field/appId=sitewhere
Annotations:
API Version: networking.istio.io/v1beta1
Kind: VirtualService
Metadata:
Creation Timestamp: 2020-08-05T08:52:54Z
Generation: 1
Managed Fields:
API Version: networking.istio.io/v1alpha3
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:labels:
.:
f:io.cattle.field/appId:
f:spec:
.:
f:gateways:
f:hosts:
f:http:
Manager: Go-http-client
Operation: Update
Time: 2020-08-05T08:52:54Z
Resource Version: 5393139
Self Link: /apis/networking.istio.io/v1beta1/namespaces/default/virtualservices/sitewhere-web-rest
UID: 3d8e8e66-1a36-43eb-a3fd-7c52da91d39b
Spec:
Gateways:
sitewhere-gateway
Hosts:
*
Http:
Match:
Uri:
Prefix: /
Route:
Destination:
Host: sitewhere-web-rest-http
Port:
Number: 8080
Events:

The istio-gateway is running on the server as below, which has port 80 listening：

[root@rancher3 data]# netstat -anp|grep -w 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15563/nginx: master
tcp 0 0 192.168.2.28:80 192.168.1.94:53508 ESTABLISHED 20375/nginx: worker
tcp6 0 0 :::80 :::* LISTEN 15563/nginx: master

So, in adminUI, I configure the connection as http://192.168.2.28:80, but give me error "default backend 404".
Could you please help me? Thanks