Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User tests fail #134

Closed
manuparra opened this issue Nov 2, 2022 · 2 comments
Closed

User tests fail #134

manuparra opened this issue Nov 2, 2022 · 2 comments

Comments

@manuparra
Copy link

Hi! I'm dockerizing Carta Controller:

FROM centos:8

RUN cd /etc/yum.repos.d/ && sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

RUN dnf module -y  enable nodejs:16
RUN dnf install -y nodejs npm

RUN dnf install -y python3 make gcc-c++
RUN npm install -g --unsafe-perm carta-controller


RUN curl https://packages.cartavis.org/cartavis-el8.repo --output /etc/yum.repos.d/cartavis.repo
RUN dnf -y install 'dnf-command(config-manager)'
RUN dnf -y install epel-release
RUN dnf -y config-manager --set-enabled powertools
RUN dnf -y install carta-backend

RUN adduser carta
RUN mkdir -p /var/log/carta
RUN chown -R carta /var/log/carta

COPY ./sudoer-carta-controller  /etc/sudoers.d/carta_controller

RUN mkdir /etc/carta
RUN chown -R carta /etc/carta
WORKDIR /etc/carta

RUN openssl genrsa -out carta_private.pem 4096
RUN openssl rsa -in carta_private.pem -outform PEM -pubout -out carta_public.pem

COPY ./config.json /etc/carta/config.json
COPY ./backend.json /etc/carta/backend.json

RUN groupadd carta-users
RUN useradd -G carta-users -p $(openssl passwd -crypt test) bob
RUN groupadd shadow
RUN chgrp shadow /etc/shadow
RUN chmod g+r /etc/shadow
RUN usermod -a -G shadow carta

EXPOSE 8000

CMD carta-controller

Where

/etc/carta/config.json has the next:

{
    "$schema": "./config_schema.json",
    "authProviders": {
        "pam": {
            "publicKeyLocation": "/etc/carta/carta_public.pem",
            "privateKeyLocation": "/etc/carta/carta_private.pem",
            "issuer": "carta-core"
        }
    },
    "database": {
        "uri": "mongodb://192.168.100.25:27017",
        "databaseName": "CARTA"
    },
    "serverAddress": "http://192.168.100.25:8000",
    "processCommand": "/usr/bin/carta_backend",
    "killCommand": "/usr/local/bin/carta-kill-script",
    "rootFolderTemplate": "/",
    "baseFolderTemplate": "/",
    "dashboard": {
        "bannerColor": "#d2dce5",
        "backgroundColor": "#f6f8fa",
        "infoText": "Welcome to the CARTA server.",
        "loginText": "<span>Please enter your login credentials:</span>",
        "footerText": "<span>If you have any problems, comments or suggestions, please <a href='mailto:[email protected]'>contact us.</a></span>"
    }
}

When I connect from NGINX I see the LoginPage and I try with bob and test as user and it says:
Invalid username/password combination

I added other users with useradd manually and the password inserted manually as well as adding it to the carta-users group, but the same results.

Then I checked inside the container the next

sudo su - carta
carta-controller -verbose -test mparra2

And this is the result:

Checking config file /etc/carta/config.json
Testing configuration with user ,mparra2
Password for user ,mparra2:
FATAL ERROR: Error::New napi_get_last_error_info
 1: 0x557c27b2f4c4 node::Abort() [node]
 2: 0x557c279e8f02 node::OnFatalError(char const*, char const*) [node]
 3: 0x557c279e8f30  [node]
 4: 0x557c27af7829 napi_fatal_error [node]
 5: 0x7f828e44449e  [/usr/local/lib/node_modules/carta-controller/node_modules/node-linux-pam/build/Release/node-linux-pam.node]
 6: 0x7f828e442fe6 initAuthContext(Napi::CallbackInfo const&, auth_context*) [/usr/local/lib/node_modules/carta-controller/node_modules/node-linux-pam/build/Release/node-linux-pam.node]
 7: 0x7f828e443374 RunCallback(Napi::CallbackInfo const&) [/usr/local/lib/node_modules/carta-controller/node_modules/node-linux-pam/build/Release/node-linux-pam.node]
 8: 0x7f828e444bce Napi::details::CallbackData<void (*)(Napi::CallbackInfo const&), void>::Wrapper(napi_env__*, napi_callback_info__*) [/usr/local/lib/node_modules/carta-controller/node_modules/node-linux-pam/build/Release/node-linux-pam.node]
 9: 0x557c27ad6c96  [node]
10: 0x557c27d88249  [node]
11: 0x557c27d89776 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [node]
12: 0x557c285cb9f9  [node]
Aborted (core dumped)

Any ideas?
@daikema
Copy link
Contributor

daikema commented Apr 19, 2023

Hi @manuparra. Is this still a live issue, or are you intentionally moving to direct LDAP auth instead of PAM (or found some other way of resolving this)? (I only noticed this issue after noticing you'd opened #135).

(Not quite sure at initial glance what's up with the , paired with the username in those messages offhand if not a typo in the original command).

@manuparra
Copy link
Author

Hi @daikema! We did not manage to solve it, so we gave up at that time. You can close this issue and if we try again at another time we will let you know and we will restart it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daikema @manuparra