# troubleshoot
My values file:
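# Helm values (as posted in the thread) for a DataHub deployment: per-component
# images, one-off setup jobs, and the shared "global" connection settings.
# Slack link markup ("<url|text>") has been stripped from the string values.
datahub-gms:
  enabled: true
  image:
    repository: linkedin/datahub-gms
    tag: "v0.9.1"

datahub-frontend:
  enabled: true
  image:
    repository: linkedin/datahub-frontend-react
    tag: "v0.9.1"
  # Set up ingress to expose react front-end
  ingress:
    enabled: false
  # No ingress is used, so this Service is what users reach directly; per the
  # thread, its externally visible scheme/host/port has to agree with
  # AUTH_OIDC_BASE_URL and with the redirect URI registered in Okta.
  service:
    port: 9002
  # OIDC auth based on https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
  # The chart's own oidcAuthentication block is left disabled; the equivalent
  # settings are passed as environment variables through extraEnvs instead.
  #  oidcAuthentication:
  #    enabled: true
  #    provider: okta
  #    clientId: "q"
  #    clientSecret: "s"
  #    oktaDomain: "https://myokta.com"
  #    baseUrl: "mydatahub.com/sso"
  #    discoveryUrl: "myokta.com/.well-known/openid-configuration"
  extraEnvs:
    - name: AUTH_OIDC_ENABLED
      value: "true"
    - name: AUTH_OIDC_CLIENT_ID
      value: "q"
    # Read the client secret from a pre-created Kubernetes Secret instead of
    # inlining it here, matching how the Elasticsearch and SQL passwords are
    # referenced under "global". Assumes the chart copies extraEnvs into the
    # container env verbatim so that valueFrom is honoured -- confirm against
    # the chart template.
    - name: AUTH_OIDC_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: "PLACEHOLDER_OIDC_SECRET_NAME"
          key: "PLACEHOLDER_OIDC_SECRET_KEY"
    - name: AUTH_OIDC_DISCOVERY_URI
      value: "https://myokta.com/.well-known/openid-configuration"
    # The URL users actually reach DataHub on, including any non-default port;
    # the Okta redirect URI is built from it. With a plain http:// value the
    # OIDC callback and the session cookie cross the network unencrypted --
    # prefer https with TLS terminated at the load balancer.
    - name: AUTH_OIDC_BASE_URL
      value: "http://mydatahub.com"
    - name: AUTH_OIDC_SCOPE
      value: "openid profile email groups"
    - name: AUTH_OIDC_OKTA_DOMAIN
      value: "https://myokta.com"

acryl-datahub-actions:
  enabled: true
  image:
    repository: acryldata/datahub-actions
    tag: "v0.0.7"
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 300m
      memory: 256Mi

datahub-mae-consumer:
  image:
    repository: linkedin/datahub-mae-consumer
    tag: "v0.9.1"

datahub-mce-consumer:
  image:
    repository: linkedin/datahub-mce-consumer
    tag: "v0.9.1"

datahub-ingestion-cron:
  enabled: false  # true
  image:
    repository: acryldata/datahub-ingestion
    tag: "v0.9.1"

elasticsearchSetupJob:
  enabled: true
  image:
    repository: linkedin/datahub-elasticsearch-setup
    tag: "v0.9.1"
  extraEnvs:
    - name: USE_AWS_ELASTICSEARCH
      value: "true"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

kafkaSetupJob:
  enabled: true
  image:
    repository: linkedin/datahub-kafka-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

mysqlSetupJob:
  enabled: true
  image:
    repository: acryldata/datahub-mysql-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

postgresqlSetupJob:
  enabled: false
  image:
    repository: acryldata/datahub-postgres-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

datahubUpgrade:
  enabled: true
  image:
    repository: acryldata/datahub-upgrade
    tag: "v0.9.1"
  batchSize: 1000
  batchDelayMs: 100
  noCodeDataMigration:
    sqlDbType: "MYSQL"
  # Unlike the setup jobs above, no fsGroup/runAsUser is set here, so this job
  # runs with the image's default user -- confirm that is intended and not a
  # leftover from debugging.
  podSecurityContext: {}
  # fsGroup: 1000
  securityContext: {}
  # runAsUser: 1000
  podAnnotations: {}
  restoreIndices:
    resources:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 300m
        memory: 256Mi

global:
  graph_service_impl: elasticsearch
  datahub_analytics_enabled: true
  datahub_standalone_consumers_enabled: false

  # Hostname only (no scheme); TLS is selected via useSSL/port. The password is
  # referenced from a Kubernetes Secret rather than stored in this file.
  elasticsearch:
    host: "q.us-east-1.es.amazonaws.com"
    port: "443"
    useSSL: "true"
    auth:
      username: "datahub-dev-1"
      password:
        secretRef: elasticsearch-secrets
        secretKey: elasticsearch-password

  kafka:
    bootstrap:
      server: "w.amazonaws.com:9092"
    zookeeper:
      server: "e.amazonaws.com:2181"

    # For AWS MSK set this to a number larger than 1
    partitions: 2
    replicationFactor: 2
    schemaregistry:
      url: "http://prerequisites-cp-schema-registry:8081"

  sql:
    datasource:
      host: "w"
      hostForMysqlClient: "s"
      port: "3306"
      url: "sq"
      driver: "com.mysql.cj.jdbc.Driver"
      username: "admin"
      # Referenced from a Kubernetes Secret, never inlined.
      password:
        secretRef: db-secrets
        secretKey: db-admin-password

  datahub:
    gms:
      port: "8080"
      nodePort: "30001"

    mae_consumer:
      port: "9091"
      nodePort: "30002"
    appVersion: "1.0"

    managed_ingestion:
      enabled: true
      defaultCliVersion: "0.9.1"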
My values file:
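# Helm values (as posted in the thread) for a DataHub deployment: per-component
# images, one-off setup jobs, and the shared "global" connection settings.
# Slack link markup ("<url|text>") has been stripped from the string values.
datahub-gms:
  enabled: true
  image:
    repository: linkedin/datahub-gms
    tag: "v0.9.1"

datahub-frontend:
  enabled: true
  image:
    repository: linkedin/datahub-frontend-react
    tag: "v0.9.1"
  # Set up ingress to expose react front-end
  ingress:
    enabled: false
  # No ingress is used, so this Service is what users reach directly; per the
  # thread, its externally visible scheme/host/port has to agree with
  # AUTH_OIDC_BASE_URL and with the redirect URI registered in Okta.
  service:
    port: 9002
  # OIDC auth based on https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
  # The chart's own oidcAuthentication block is left disabled; the equivalent
  # settings are passed as environment variables through extraEnvs instead.
  #  oidcAuthentication:
  #    enabled: true
  #    provider: okta
  #    clientId: "q"
  #    clientSecret: "s"
  #    oktaDomain: "https://myokta.com"
  #    baseUrl: "mydatahub.com/sso"
  #    discoveryUrl: "myokta.com/.well-known/openid-configuration"
  extraEnvs:
    - name: AUTH_OIDC_ENABLED
      value: "true"
    - name: AUTH_OIDC_CLIENT_ID
      value: "q"
    # Read the client secret from a pre-created Kubernetes Secret instead of
    # inlining it here, matching how the Elasticsearch and SQL passwords are
    # referenced under "global". Assumes the chart copies extraEnvs into the
    # container env verbatim so that valueFrom is honoured -- confirm against
    # the chart template.
    - name: AUTH_OIDC_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: "PLACEHOLDER_OIDC_SECRET_NAME"
          key: "PLACEHOLDER_OIDC_SECRET_KEY"
    - name: AUTH_OIDC_DISCOVERY_URI
      value: "https://myokta.com/.well-known/openid-configuration"
    # The URL users actually reach DataHub on, including any non-default port;
    # the Okta redirect URI is built from it. With a plain http:// value the
    # OIDC callback and the session cookie cross the network unencrypted --
    # prefer https with TLS terminated at the load balancer.
    - name: AUTH_OIDC_BASE_URL
      value: "http://mydatahub.com"
    - name: AUTH_OIDC_SCOPE
      value: "openid profile email groups"
    - name: AUTH_OIDC_OKTA_DOMAIN
      value: "https://myokta.com"

acryl-datahub-actions:
  enabled: true
  image:
    repository: acryldata/datahub-actions
    tag: "v0.0.7"
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 300m
      memory: 256Mi

datahub-mae-consumer:
  image:
    repository: linkedin/datahub-mae-consumer
    tag: "v0.9.1"

datahub-mce-consumer:
  image:
    repository: linkedin/datahub-mce-consumer
    tag: "v0.9.1"

datahub-ingestion-cron:
  enabled: false  # true
  image:
    repository: acryldata/datahub-ingestion
    tag: "v0.9.1"

elasticsearchSetupJob:
  enabled: true
  image:
    repository: linkedin/datahub-elasticsearch-setup
    tag: "v0.9.1"
  extraEnvs:
    - name: USE_AWS_ELASTICSEARCH
      value: "true"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

kafkaSetupJob:
  enabled: true
  image:
    repository: linkedin/datahub-kafka-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

mysqlSetupJob:
  enabled: true
  image:
    repository: acryldata/datahub-mysql-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

postgresqlSetupJob:
  enabled: false
  image:
    repository: acryldata/datahub-postgres-setup
    tag: "v0.9.1"
  podSecurityContext:
    fsGroup: 1000
  securityContext:
    runAsUser: 1000
  podAnnotations: {}

datahubUpgrade:
  enabled: true
  image:
    repository: acryldata/datahub-upgrade
    tag: "v0.9.1"
  batchSize: 1000
  batchDelayMs: 100
  noCodeDataMigration:
    sqlDbType: "MYSQL"
  # Unlike the setup jobs above, no fsGroup/runAsUser is set here, so this job
  # runs with the image's default user -- confirm that is intended and not a
  # leftover from debugging.
  podSecurityContext: {}
  # fsGroup: 1000
  securityContext: {}
  # runAsUser: 1000
  podAnnotations: {}
  restoreIndices:
    resources:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 300m
        memory: 256Mi

global:
  graph_service_impl: elasticsearch
  datahub_analytics_enabled: true
  datahub_standalone_consumers_enabled: false

  # Hostname only (no scheme); TLS is selected via useSSL/port. The password is
  # referenced from a Kubernetes Secret rather than stored in this file.
  elasticsearch:
    host: "q.us-east-1.es.amazonaws.com"
    port: "443"
    useSSL: "true"
    auth:
      username: "datahub-dev-1"
      password:
        secretRef: elasticsearch-secrets
        secretKey: elasticsearch-password

  kafka:
    bootstrap:
      server: "w.amazonaws.com:9092"
    zookeeper:
      server: "e.amazonaws.com:2181"

    # For AWS MSK set this to a number larger than 1
    partitions: 2
    replicationFactor: 2
    schemaregistry:
      url: "http://prerequisites-cp-schema-registry:8081"

  sql:
    datasource:
      host: "w"
      hostForMysqlClient: "s"
      port: "3306"
      url: "sq"
      driver: "com.mysql.cj.jdbc.Driver"
      username: "admin"
      # Referenced from a Kubernetes Secret, never inlined.
      password:
        secretRef: db-secrets
        secretKey: db-admin-password

  datahub:
    gms:
      port: "8080"
      nodePort: "30001"

    mae_consumer:
      port: "9091"
      nodePort: "30002"
    appVersion: "1.0"

    managed_ingestion:
      enabled: true
      defaultCliVersion: "0.9.1"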
Okta app:
@echoing-airport-49548 should be able to help you out with this! Thank you for your patience 🙂
@echoing-airport-49548 Hi, do you have a chance to help me?
Hey @ancient-apartment-23316, sorry I was out last week. Have you verified that when you visit your well-known configuration URL, you see a formatted JSON object?
You also shouldn’t need
AUTH_OIDC_OKTA_DOMAIN
a
Hi @echoing-airport-49548, not sure what you mean by “formatted JSON object”? Opening this link https://myokta.com/.well-known/openid-configuration https://qwerty.myokta.com/.well-known/openid-configuration in the browser returns one string, and it is JSON; I can format it with Sublime Text, for example. Here it is:
{
  "issuer": "<https://qwerty.myokta.com>",
  "authorization_endpoint": "<https://qwerty.myokta.com/oauth2/v1/authorize>",
  "token_endpoint": "<https://qwerty.myokta.com/oauth2/v1/token>",
  "userinfo_endpoint": "<https://qwerty.myokta.com/oauth2/v1/userinfo>",
  "registration_endpoint": "<https://qwerty.myokta.com/oauth2/v1/clients>",
  "jwks_uri": "<https://qwerty.myokta.com/oauth2/v1/keys>",
  "response_types_supported": [
    "code",
    "id_token",
    "code id_token",
    "code token",
    "id_token token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post",
    "okta_post_message"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "refresh_token",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile",
    "address",
    "phone",
    "offline_access",
    "groups"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "claims_supported": [
    "iss",
    "ver",
    "sub",
    "aud",
    "iat",
    "exp",
    "jti",
    "auth_time",
    "amr",
    "idp",
    "nonce",
    "name",
    "nickname",
    "preferred_username",
    "given_name",
    "middle_name",
    "family_name",
    "email",
    "email_verified",
    "profile",
    "zoneinfo",
    "locale",
    "address",
    "phone_number",
    "picture",
    "website",
    "gender",
    "birthdate",
    "updated_at",
    "at_hash",
    "c_hash"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "introspection_endpoint": "<https://qwerty.myokta.com/oauth2/v1/introspect>",
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "revocation_endpoint": "<https://qwerty.myokta.com/oauth2/v1/revoke>",
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "end_session_endpoint": "<https://qwerty.myokta.com/oauth2/v1/logout>",
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "device_authorization_endpoint": "<https://qwerty.myokta.com/oauth2/v1/device/authorize>"
}
You also shouldn’t need
AUTH_OIDC_OKTA_DOMAIN
No problem, I’ve removed it and I have the same issue.
These are the frontend pod logs:
14:03:33 [application-akka.actor.default-dispatcher-787] WARN  akka.actor.ActorSystemImpl - Illegal request, responding with status '400 Bad Request': Unsupported HTTP method: The HTTP method started with 0x16 rather than any known HTTP method from 10.194.3.10:36597. Perhaps this was an HTTPS request sent to an HTTP endpoint?
14:03:34 [application-akka.actor.default-dispatcher-784] WARN  akka.actor.ActorSystemImpl - Illegal request, responding with status '501 Not Implemented': Unsupported HTTP method: PRI

14:10:39 [application-akka.actor.default-dispatcher-900] ERROR controllers.SsoCallbackController - Caught exception while attempting to handle SSO callback! It's likely that SSO integration is mis-configured.
java.util.concurrent.CompletionException: org.pac4j.core.exception.TechnicalException: Missing state parameter
	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:314)
	at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:319)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1702)
	at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:77)
I don’t use ingress; I only have a frontend service of type LoadBalancer. AWS gives a generated link for this service, then I created an A record in Route 53; this record is an alias for the load balancer service URL. This scheme worked for me before I started the DataHub update.
@echoing-airport-49548 I think this error is due to the frontend port 9002. I manually edited the frontend service and put port 80 instead of 9002 (I know it’s better not to do this manually, because I installed all this via Helm, but as an experiment), then I changed the Okta settings for this app: I removed port 9002 from the Sign-in redirect URIs parameter. As a result, I was able to log into DataHub via Okta!! But I had some errors in the web interface, maybe because I manually changed the port to 80 only in the frontend service. Please advise me where I went wrong — was it necessary to explicitly mention port 9002 somewhere?
Hey Slava,
But I had some errors in the web interface, maybe it’s because I manually changed the port to 80 only in the front service
What was the issue?