Merci d'avoir soumis un rapport de bogue. Veuillez remplir le modèle ci-dessous, sinon nous ne pourrons pas traiter ce rapport de bogue.
En utilisant ttn-lw-cli v3.8.7, je ne parviens pas à exécuter des commandes de console sur un déploiement TTN v3.8.7 autogéré. Cela fonctionnait auparavant et s'est depuis arrêté suite à l'ajout de l'indicateur http.redirect-to-tls dans la configuration de déploiement.
La console est toujours accessible et fonctionne comme prévu. Je ne sais pas s'il s'agit d'un bug ou d'un problème de configuration système. Dans tous les cas, votre aide serait très appréciée !
ttn-lw-stack.yml - Serveur :
# Identity Server configuration
is:
# Email configuration for "REMOVED"
email:
sender-name: 'The Things Stack'
sender-address: 'noreply<strong i="17">@REMOVED</strong>'
network:
name: 'TTN-stack'
console-url: 'https://REMOVED/console'
identity-server-url: 'https://REMOVED/oauth'
# Web UI configuration for "REMOVED":
oauth:
ui:
canonical-url: 'https://REMOVED/oauth'
is:
base-url: 'https://REMOVED/api/v3'
# HTTP server configuration
http:
cookie:
block-key: 'REMOVED' # generate 32 bytes (openssl rand -hex 32)
hash-key: 'REMOVED' # generate 64 bytes (penssl rand -hex 64)
metrics:
password: 'REMOVED' # choose a password
pprof:
password: 'REMOVED' # choose a password
redirect-to-tls: 'true'
# Let's encrypt for "REMOVED"
tls:
source: 'acme'
acme:
dir: '/var/lib/acme'
email: 'REMOVED'
hosts: ['REMOVED']
default-host: 'REMOVED'
#If Gateway Server enabled, defaults for "REMOVED":
gs:
mqtt:
public-address: 'REMOVED:1882'
public-tls-address: 'REMOVED:8882'
mqtt-v2:
public-address: 'REMOVED:1881'
public-tls-address: 'REMOVED:8881'
#If Gateway Configuration Server enabled, defaults for "REMOVED":
gcs:
basic-station:
default:
lns-uri: 'wss://REMOVED:8887'
the-things-gateway:
default:
mqtt-server: 'mqtts://REMOVED:8881'
# Web UI configuration for "REMOVED":
console:
ui:
canonical-url: 'https://REMOVED/console'
is:
base-url: 'https://REMOVED/api/v3'
gs:
base-url: 'https://REMOVED/api/v3'
ns:
base-url: 'https://REMOVED/api/v3'
as:
base-url: 'https://REMOVED/api/v3'
js:
base-url: 'https://REMOVED/api/v3'
qrg:
base-url: 'https://REMOVED/api/v3'
edtc:
base-url: 'https://REMOVED/api/v3'
oauth:
authorize-url: 'https://REMOVED/oauth/authorize'
token-url: 'https://REMOVED/oauth/token'
client-id: 'console'
client-secret: 'console' # choose or generate a secret
ttn-lw-cli config -- Serveur :
--allow-unknown-hosts="false"
--application-server-enabled="true"
--application-server-grpc-address="localhost:8884"
--ca=""
--config="/home/ttn/ttn-stack-v3/config/stack/.ttn-lw-cli.yml,/home/ttn/snap/ttn-lw-stack/192/.ttn-lw-cli.yml,/home/ttn/snap/ttn-lw-stack/192/.config/.ttn-lw-cli.yml"
--credentials-id=""
--device-claiming-server-grpc-address="localhost:8884"
--device-template-converter-grpc-address="localhost:8884"
--dump-requests="false"
--gateway-server-enabled="true"
--gateway-server-grpc-address="localhost:8884"
--identity-server-grpc-address="localhost:8884"
--input-format="json"
--insecure="false"
--join-server-enabled="true"
--join-server-grpc-address="localhost:8884"
--log.level="info"
--network-server-enabled="true"
--network-server-grpc-address="localhost:8884"
--oauth-server-address="https://localhost:443/oauth"
--output-format="json"
--qr-code-generator-grpc-address="localhost:8884"
configuration ttn-lw-stack -- CLI :
--as.device-kek-label=""
--as.interop.blob.bucket=""
--as.interop.blob.path=""
--as.interop.config-source=""
--as.interop.directory=""
--as.interop.id=""
--as.interop.url=""
--as.link-mode="all"
--as.mqtt.listen=":1883"
--as.mqtt.listen-tls=":8883"
--as.mqtt.public-address="localhost:1883"
--as.mqtt.public-tls-address="localhost:8883"
--as.webhooks.downlink.public-address="http://localhost:1885/api/v3"
--as.webhooks.downlink.public-tls-address=""
--as.webhooks.queue-size="16"
--as.webhooks.target="direct"
--as.webhooks.templates.directory=""
--as.webhooks.templates.logo-base-url=""
--as.webhooks.templates.url=""
--as.webhooks.timeout="5s"
--as.webhooks.workers="16"
--blob.aws.access-key-id=""
--blob.aws.endpoint=""
--blob.aws.region=""
--blob.aws.secret-access-key=""
--blob.aws.session-token=""
--blob.gcp.credentials=""
--blob.gcp.credentials-file=""
--blob.local.directory="./public/blob"
--blob.provider="local"
--cache.redis.address=""
--cache.redis.database="0"
--cache.redis.failover.addresses=""
--cache.redis.failover.enable="false"
--cache.redis.failover.master-name=""
--cache.redis.namespace=""
--cache.redis.password=""
--cache.redis.pool-size="0"
--cache.service=""
--cluster.address=""
--cluster.application-server=""
--cluster.crypto-server=""
--cluster.gateway-server=""
--cluster.identity-server=""
--cluster.join=""
--cluster.join-server=""
--cluster.keys=""
--cluster.name=""
--cluster.network-server=""
--cluster.tls="false"
--config="REMOVED"
--console.mount=""
--console.oauth.authorize-url="http://localhost:1885/oauth/authorize"
--console.oauth.client-id="console"
--console.oauth.client-secret="console"
--console.oauth.logout-url="http://localhost:1885/oauth/logout"
--console.oauth.token-url="http://localhost:1885/oauth/token"
--console.ui.as.base-url="http://localhost:1885/api/v3"
--console.ui.as.enabled="true"
--console.ui.assets-base-url="/assets"
--console.ui.branding-base-url=""
--console.ui.canonical-url="http://localhost:1885/console"
--console.ui.css-file="console.css"
--console.ui.descriptions=""
--console.ui.documentation-base-url="https://thethingsstack.io/3.8.7"
--console.ui.edtc.base-url="http://localhost:1885/api/v3"
--console.ui.edtc.enabled="true"
--console.ui.gs.base-url="http://localhost:1885/api/v3"
--console.ui.gs.enabled="true"
--console.ui.icon-prefix="console-"
--console.ui.is.base-url="http://localhost:1885/api/v3"
--console.ui.is.enabled="true"
--console.ui.js-file="console.js"
--console.ui.js.base-url="http://localhost:1885/api/v3"
--console.ui.js.enabled="true"
--console.ui.language="en"
--console.ui.ns.base-url="http://localhost:1885/api/v3"
--console.ui.ns.enabled="true"
--console.ui.qrg.base-url="http://localhost:1885/api/v3"
--console.ui.qrg.enabled="true"
--console.ui.sentry-dsn=""
--console.ui.site-name="The Things Stack for LoRaWAN"
--console.ui.sub-title="Management platform for The Things Stack for LoRaWAN"
--console.ui.support-link=""
--console.ui.theme-color=""
--console.ui.title="Console"
--device-repository.blob.bucket=""
--device-repository.blob.path=""
--device-repository.config-source=""
--device-repository.directory=""
--device-repository.url=""
--dtc.enabled=""
--events.backend="internal"
--events.cloud.publish-url=""
--events.cloud.subscribe-url=""
--events.redis.address=""
--events.redis.database="0"
--events.redis.failover.addresses=""
--events.redis.failover.enable="false"
--events.redis.failover.master-name=""
--events.redis.namespace=""
--events.redis.password=""
--events.redis.pool-size="0"
--frequency-plans.blob.bucket=""
--frequency-plans.blob.path=""
--frequency-plans.config-source=""
--frequency-plans.directory=""
--frequency-plans.url="https://raw.githubusercontent.com/TheThingsNetwork/lorawan-frequency-plans/master"
--gcs.basic-station.allow-cups-uri-update="false"
--gcs.basic-station.default.lns-uri="wss://localhost:8887"
--gcs.basic-station.owner-for-unknown.account-type=""
--gcs.basic-station.owner-for-unknown.api-key=""
--gcs.basic-station.owner-for-unknown.id=""
--gcs.basic-station.require-explicit-enable="false"
--gcs.require-auth="true"
--gcs.the-things-gateway.default.firmware-url="https://thethingsproducts.blob.core.windows.net/the-things-gateway/v1"
--gcs.the-things-gateway.default.mqtt-server="mqtts://localhost:8881"
--gcs.the-things-gateway.default.update-channel="stable"
--grpc.allow-insecure-for-credentials="false"
--grpc.listen=":1884"
--grpc.listen-tls=":8884"
--gs.basic-station.fallback-frequency-plan-id=""
--gs.basic-station.listen=":1887"
--gs.basic-station.listen-tls=":8887"
--gs.basic-station.use-traffic-tls-address="false"
--gs.basic-station.ws-ping-interval="30s"
--gs.forward="=00000000/0"
--gs.mqtt-v2.listen=":1881"
--gs.mqtt-v2.listen-tls=":8881"
--gs.mqtt-v2.public-address="localhost:1881"
--gs.mqtt-v2.public-tls-address="localhost:8881"
--gs.mqtt.listen=":1882"
--gs.mqtt.listen-tls=":8882"
--gs.mqtt.public-address="localhost:1882"
--gs.mqtt.public-tls-address="localhost:8882"
--gs.require-registered-gateways="false"
--gs.udp.addr-change-block="1m0s"
--gs.udp.connection-expires="1m0s"
--gs.udp.downlink-path-expires="15s"
--gs.udp.listeners=":1700="
--gs.udp.packet-buffer="50"
--gs.udp.packet-handlers="16"
--gs.udp.rate-limiting.enable="true"
--gs.udp.rate-limiting.messages="10"
--gs.udp.rate-limiting.threshold="10ms"
--gs.udp.schedule-late-time="800ms"
--gs.update-connection-stats-debounce-time="3s"
--gs.update-gateway-location-debounce-time="1h0m0s"
--http.cookie.block-key=""
--http.cookie.hash-key=""
--http.health.enable="true"
--http.health.password=""
--http.listen=":1885"
--http.listen-tls=":8885"
--http.log-ignore-paths=""
--http.metrics.enable="true"
--http.metrics.password=""
--http.pprof.enable="true"
--http.pprof.password=""
--http.redirect-to-host=""
--http.redirect-to-tls="false"
--http.static.mount="/assets"
--http.static.search-path="/usr/local/Cellar/ttn-lw-stack/3.8.7/libexec/public"
--http.trusted-proxies="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
--interop.listen-tls=":8886"
--interop.sender-client-ca.blob.bucket=""
--interop.sender-client-ca.blob.path=""
--interop.sender-client-ca.directory=""
--interop.sender-client-ca.source=""
--interop.sender-client-ca.url=""
--interop.sender-client-cas=""
--is.auth-cache.membership-ttl="10m0s"
--is.database-uri="postgresql://root<strong i="11">@localhost</strong>:26257/ttn_lorawan_dev?sslmode=disable"
--is.email.network.console-url="http://localhost:1885/console"
--is.email.network.identity-server-url="http://localhost:1885/oauth"
--is.email.network.name="The Things Stack for LoRaWAN"
--is.email.provider=""
--is.email.sender-address=""
--is.email.sender-name=""
--is.email.sendgrid.api-key=""
--is.email.sendgrid.sandbox="false"
--is.email.smtp.address=""
--is.email.smtp.connections="0"
--is.email.smtp.password=""
--is.email.smtp.username=""
--is.email.templates.blob.bucket=""
--is.email.templates.blob.path=""
--is.email.templates.directory=""
--is.email.templates.includes=""
--is.email.templates.source=""
--is.email.templates.url=""
--is.end-device-picture.bucket="end_device_pictures"
--is.end-device-picture.bucket-url="/assets/blob/end_device_pictures"
--is.oauth.mount=""
--is.oauth.ui.assets-base-url="/assets"
--is.oauth.ui.branding-base-url=""
--is.oauth.ui.canonical-url="http://localhost:1885/oauth"
--is.oauth.ui.css-file="oauth.css"
--is.oauth.ui.descriptions=""
--is.oauth.ui.icon-prefix="oauth-"
--is.oauth.ui.is.base-url="http://localhost:1885/api/v3"
--is.oauth.ui.is.enabled="true"
--is.oauth.ui.js-file="oauth.js"
--is.oauth.ui.language="en"
--is.oauth.ui.sentry-dsn=""
--is.oauth.ui.site-name="The Things Stack for LoRaWAN"
--is.oauth.ui.sub-title=""
--is.oauth.ui.theme-color=""
--is.oauth.ui.title=""
--is.profile-picture.bucket="profile_pictures"
--is.profile-picture.bucket-url="/assets/blob/profile_pictures"
--is.profile-picture.use-gravatar="true"
--is.user-registration.admin-approval.required="false"
--is.user-registration.contact-info-validation.required="false"
--is.user-registration.invitation.required="false"
--is.user-registration.invitation.token-ttl="168h0m0s"
--is.user-registration.password-requirements.max-length="1000"
--is.user-registration.password-requirements.min-digits="1"
--is.user-registration.password-requirements.min-length="8"
--is.user-registration.password-requirements.min-special="0"
--is.user-registration.password-requirements.min-uppercase="1"
--js.device-kek-label=""
--js.join-eui-prefix="0000000000000000/0"
--key-vault.provider="static"
--key-vault.static=""
--log.level="info"
--ns.application-uplink-queue.buffer-size="1000"
--ns.cooldown-window="1s"
--ns.deduplication-window="200ms"
--ns.default-mac-settings.adr-margin="15"
--ns.default-mac-settings.class-b-timeout="1m0s"
--ns.default-mac-settings.class-c-timeout="5m0s"
--ns.default-mac-settings.desired-rx1-delay="5"
--ns.default-mac-settings.status-count-periodicity="200"
--ns.default-mac-settings.status-time-periodicity="24h0m0s"
--ns.dev-addr-prefixes=""
--ns.device-kek-label=""
--ns.downlink-priorities.join-accept="highest"
--ns.downlink-priorities.mac-commands="highest"
--ns.downlink-priorities.max-application-downlink="high"
--ns.interop.blob.bucket=""
--ns.interop.blob.path=""
--ns.interop.config-source=""
--ns.interop.directory=""
--ns.interop.url=""
--ns.net-id="000000"
--pba.cluster-id=""
--pba.data-plane-address=""
--pba.forwarder.enable="false"
--pba.forwarder.token-key=""
--pba.forwarder.worker-pool.limit="1024"
--pba.home-network.blacklist-forwarder="true"
--pba.home-network.dev-addr-prefixes=""
--pba.home-network.enable="false"
--pba.home-network.worker-pool.limit="4096"
--pba.net-id="000000"
--pba.tenant-id=""
--pba.tls.certificate=""
--pba.tls.key=""
--pba.tls.key-vault.id=""
--pba.tls.source=""
--redis.address="localhost:6379"
--redis.database="0"
--redis.failover.addresses=""
--redis.failover.enable="false"
--redis.failover.master-name=""
--redis.namespace="ttn,v3"
--redis.password=""
--redis.pool-size="0"
--rights.ttl="2m0s"
--sentry.dsn=""
--tls.acme.default-host=""
--tls.acme.dir=""
--tls.acme.email=""
--tls.acme.enable="false"
--tls.acme.endpoint="https://acme-v02.api.letsencrypt.org/directory"
--tls.acme.hosts=""
--tls.certificate="cert.pem"
--tls.insecure-skip-verify="false"
--tls.key="key.pem"
--tls.key-vault.id=""
--tls.root-ca=""
--tls.source=""
ttn-lw-cli login
ERROR Please login with the login command
INFO Opening your browser on https://openstack-floating-193-206.ecdf.ed.ac.uk:443/oauth/authorize?client_id=cli&redirect_uri=local-callback&response_type=code
INFO After logging in and authorizing the CLI, we'll get an access token for future commands.
INFO Waiting for your authorization...
ERROR Could not exchange OAuth access token error=oauth2: cannot fetch token: 405 Method Not Allowed
Response: {
"code": 2,
"message": "error:pkg/errors/web:unknown (Method Not Allowed)",
"details": [
{
"@type": "type.googleapis.com/ttn.lorawan.v3.ErrorDetails",
"namespace": "pkg/errors/web",
"message_format": "Method Not Allowed",
"attributes": {
"message": "Method Not Allowed"
},
"code": 2
}
]
}
Idéalement, j'aimerais être autorisé et pouvoir me connecter via la console.
L'interface de ligne de commande et le déploiement exécutent tous deux la version 3.8.7. Le déploiement et la CLI fonctionnent comme prévu lorsque l'indicateur http.redirect-to-tls est défini sur false ou absent. Cela a également été testé à l'aide de plusieurs machines différentes sur le même déploiement, reproduisant l'erreur à chaque fois (avec chaque CLI exécutant également la version 3.8.7)
Non, je le ferais avec plaisir si je pouvais le réparer, mais avec cela, j'ai beaucoup apprécié votre aide !
Salut @ ZeroSum24 , merci d'avoir signalé ce problème. En effet, j'ai pu reproduire le problème. Cela existe depuis 3.8.0
apparemment.
EDIT : comme solution de contournement, jusqu'à ce qu'un correctif soit publié, vous devriez pouvoir vous connecter avec succès en supprimant le numéro de port ( :443
) de l'adresse du serveur OAuth dans .ttn-lw-cli.yml
.
@neoaggelos merci beaucoup pour votre aide et la réponse rapide ! J'ai appliqué cette solution de contournement de notre côté qui a résolu le problème pour le moment.
Devrait être corrigé avec #3120
Commentaire le plus utile
Devrait être corrigé avec #3120