https://datahubproject.io logo
Join Slack
Powered by
Hello all, I’m trying to get the Token based authe...
# all-things-deployment
a
Hello all, I’m trying to get the Token based authentication enabled, I’ve updated my helm values.yaml file with
Copy code
datahub:
          metadata_service_authentication:
            enabled: true
I can see this when I run helm get values datahub but it still comes up with the error below when I try and generate a token, is there something else I need to do?
Copy code
Token based authentication is currently disabled. Contact your DataHub administrator to enable this feature.
i
Hello Chris, can you share the entire values.yaml file please? Ofuscate sensitive data as needed.
Can you check whether gms instance has the environment variable for authenticated metadata set?
This is the name of variable: METADATA_SERVICE_AUTH_ENABLED It should be set to true in both GMS and Frontend pod
a
Thanks for replying, values.yaml is
Copy code
datahub:
    metadata_service_authentication:
      enabled: true
  datahubUpgrade:
    enabled: false
  datahub-frontend:
    ingress:
      enabled: true
      annotations:
        <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: alb
        <http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>: internal
        <http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>: instance
        <http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>: REMOVED
        <http://alb.ingress.kubernetes.io/inbound-cidrs|alb.ingress.kubernetes.io/inbound-cidrs>: REMOVED
        <http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>: '[{"HTTP": 80}, {"HTTPS":443}]'
        <http://alb.ingress.kubernetes.io/actions.ssl-redirect|alb.ingress.kubernetes.io/actions.ssl-redirect>: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
      hosts:
        - host: REMOVED
          redirectPaths:
            - path: /*
              name: ssl-redirect
              port: use-annotation
          paths:
            - /*
    service:
      annotations:
        <http://service.beta.kubernetes.io/aws-load-balancer-internal|service.beta.kubernetes.io/aws-load-balancer-internal>: "true"
        <http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>: "nlb"
        <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: REMOVED
  datahub-gms:
    service:
      annotations:
        <http://service.beta.kubernetes.io/aws-load-balancer-internal|service.beta.kubernetes.io/aws-load-balancer-internal>: "true"
        <http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>: "nlb"
        <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: REMOVED
  acryl-datahub-actions:
    enabled: true
    serviceAccount:
      name: s3-ingestion-service-account
Neither GMS or frontend pods have that environment variable
I’ve also tried restarting the GMS and frontend deployments via kubectl
i
That is the full values.yaml?
a
So i followed the Helm / k8 deployment details here https://datahubproject.io/docs/deploy/kubernetes#quickstart and you only specify values for anything you want changed from the defaults here https://github.com/acryldata/datahub-helm/blob/master/charts/prerequisites/values.yaml
So all my values with be set as they are here https://github.com/acryldata/datahub-helm/blob/master/charts/prerequisites/values.yaml but with the changes I specified above in my values.yaml file
i
I believe you are missing the 
global
 key then:
Copy code
global:        
    datahub:
        metadata_service_authentication:
            enabled: true
a
That fixed it, thank you!!!
@little-megabyte-1074 Not sure who does the docs however on this page https://datahubproject.io/docs/deploy/aws#expose-endpoints-using-a-load-balancer this part
Copy code
datahub:
  metadata_service_authentication:
    enabled: true
Should be updated to:
Copy code
global:        
    datahub:
        metadata_service_authentication:
            enabled: true
i
Contributions to update docs are very welcome 🙂
p
Hi @incalculable-ocean-74010@acceptable-baker-8114, I tried using in datahub/values.yamlm I can see this when I do helm get values datahub. But still see Token based authentication is disabled on UI.
Copy code
global:        
    datahub:
        metadata_service_authentication:
            enabled: true
My datahub verision is 0.8.41
i
Hello @purple-analyst-83660, If you describe the frontend and GMS pods, do you see the 
METADATA_SERVICE_AUTH_ENABLED
environment variable set to True?
s
@crooked-market-47728
r
@incalculable-ocean-74010 Apologies for reviving here I can see my environment variables for gms and fronted are set correctly, 
METADATA_SERVICE_AUTH_ENABLED = True
however whenever I try login via UI I get the following:
Copy code
Authentication chain failed to resolve a valid authentication. Errors: [(com.datahub.authentication.authenticator.DataHubSystemAuthenticator,Failed to authenticate inbound request: Authorization header is missing Authorization header.), (com.datahub.authentication.authenticator.DataHubTokenAuthenticator,Failed to authenticate inbound request: Request is missing 'Authorization' header.)]
Any advice?
i
Hello Donovan, Is this is a helm installation of DataHub? Can you share with chart version and your values.yaml? Feel free to DM if it has sensitive info
52 Views
Open in Slack
PreviousNext
Powered by