First steps when using docker-compose after installation

[pablo...@gmail.com]

Hi,

What are the required steps after running inside docker with 'make run-kb' and installing the database dlls?

The default kaui superuser is admin/password.
Where is it defined when using docker-compose? How can I change the password?

After I login I'm getting a warning:
"Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
It will be helpful to see a link to /admin_tenants.

I don't see links to tenant management like /admin_tenants in the kaui menu.

The new tenants form has a checkbox 'Create tenant'. Why do I need a checkbox if this is a create tenant form?
http://127.0.0.1:9090/admin_tenants/new

Is the new tenants form equivalent to the api /tenants post command?
curl -uadmin:password \
-X POST \
-H 'Content-Type: application/json' \
-H 'X-Killbill-CreatedBy: admin' \
-d '{"apiKey": "bob", "apiSecret": "lazar"}' \
http://127.0.0.1:8080/1.0/kb/tenants

After creating the tenant I can't access it from the tenants table.
I'm getting an error: Does not have permissions to see tenant id 1
http://127.0.0.1:9090/admin_tenants/1

[stephane brossier]

Hi Pablo,

On Thu, Apr 14, 2016 at 9:51 AM, <pablo...@gmail.com> wrote:

Hi,

What are the required steps after running inside docker with 'make run-kb' and installing the database dlls?

The default kaui superuser is admin/password.
Where is it defined when using docker-compose? How can I change the password?

You should probably user management guide we write a while ago (in particular it explains where the default admin/password are configured)

 

After I login I'm getting a warning:
"Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
It will be helpful to see a link to /admin_tenants.

I don't see links to tenant management like /admin_tenants in the kaui menu.

All that is because you don't have correct permissions. Once you are logged in a with a user that has enough permissions, should see the menu on the right (it looks like gears), and be able to manage your user/tenants from KAUI.

 

The new tenants form has a checkbox 'Create tenant'. Why do I need a checkbox if this is a create tenant form?
http://127.0.0.1:9090/admin_tenants/new

The checkbox 'was' there to specify if KAUI should attempt to create the tenant in Kill Bill or not (when tenant already exists in KB, we just want to make it tenant visible through KAUI). However in the latest version of KAUI we removed the checkbox (the code will automatically detect if tenant already exists and do the appropriate thing). Attached a screenshot of that screen (without the checkbox).

Is the new tenants form equivalent to the api /tenants post command?
curl -uadmin:password \
        -X POST \
        -H 'Content-Type: application/json' \
        -H 'X-Killbill-CreatedBy: admin' \
        -d '{"apiKey": "bob", "apiSecret": "lazar"}' \
        http://127.0.0.1:8080/1.0/kb/tenants

Yes.

 

After creating the tenant I can't access it from the tenants table.
I'm getting an error: Does not have permissions to see tenant id 1
http://127.0.0.1:9090/admin_tenants/1

Permission issue.

[pablo...@gmail.com]

Hi Stephane,

On Monday, April 18, 2016 at 9:02:07 PM UTC+3, stephane brossier wrote:
> Hi Pablo,
>
>
>
>
> On Thu, Apr 14, 2016 at 9:51 AM, <pablo...@gmail.com> wrote:
> Hi,
>
>
>
> What are the required steps after running inside docker with 'make run-kb' and installing the database dlls?
>
>
>
> The default kaui superuser is admin/password.
>
> Where is it defined when using docker-compose? How can I change the password?
>
>
>
>
>
> You should probably user management guide we write a while ago (in particular it explains where the default admin/password are configured)
>

The user management guide says that the superuser is configured in shiro.ini.
The killbill dockerfile sets the config path to classpath:shiro.ini.
https://github.com/killbill/killbill-cloud/blob/2d4a950607a701c5b8d57ef4f653115161002267/docker/templates/killbill/latest/Dockerfile#L13

I can't find the shiro.ini file in the killbill-cloud repository only in the killbill src
https://github.com/killbill/killbill/blob/73df2253ad000c3596193983928cc3a449184770/profiles/killbill/src/main/resources/shiro.ini
To change it I need to extend the killbill image set a different path to the config file and include it?

Isn't it unsafe to keep the superuser password in plaintext?

>  
> After I login I'm getting a warning:
>
> "Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
>
> It will be helpful to see a link to /admin_tenants.
>
>
>
> I don't see links to tenant management like /admin_tenants in the kaui menu.
>
>
>
>
>
> All that is because you don't have correct permissions. Once you are logged in a with a user that has enough permissions, should see the menu on the right (it looks like gears), and be able to manage your user/tenants from KAUI.

If the superuser is defined with *:* why don't I have enough permissions?

>  
> The new tenants form has a checkbox 'Create tenant'. Why do I need a checkbox if this is a create tenant form?
>
> http://127.0.0.1:9090/admin_tenants/new
>
>
>
>
> The checkbox 'was' there to specify if KAUI should attempt to create the tenant in Kill Bill or not (when tenant already exists in KB, we just want to make it tenant visible through KAUI). However in the latest version of KAUI we removed the checkbox (the code will automatically detect if tenant already exists and do the appropriate thing). Attached a screenshot of that screen (without the checkbox).
>
>
>
>
> Is the new tenants form equivalent to the api /tenants post command?
>
> curl -uadmin:password \
>
>         -X POST \
>
>         -H 'Content-Type: application/json' \
>
>         -H 'X-Killbill-CreatedBy: admin' \
>
>         -d '{"apiKey": "bob", "apiSecret": "lazar"}' \
>
>         http://127.0.0.1:8080/1.0/kb/tenants
>
>
> Yes.
>  
>
>
>
> After creating the tenant I can't access it from the tenants table.
>
> I'm getting an error: Does not have permissions to see tenant id 1
>
> http://127.0.0.1:9090/admin_tenants/1
>
>
>
>
> Permission issue.

Thanks

[stephane brossier]

On Mon, Apr 18, 2016 at 12:50 PM, <pablo...@gmail.com> wrote:

Hi Stephane,

On Monday, April 18, 2016 at 9:02:07 PM UTC+3, stephane brossier wrote:
> Hi Pablo,
>
>
>
>
> On Thu, Apr 14, 2016 at 9:51 AM,  <pablo...@gmail.com> wrote:
> Hi,
>
>
>
> What are the required steps after running inside docker with 'make run-kb' and installing the database dlls?
>
>
>
> The default kaui superuser is admin/password.
>
> Where is it defined when using docker-compose? How can I change the password?
>
>
>
>
>
> You should probably user management guide we write a while ago (in particular it explains where the default admin/password are configured)
>

The user management guide says that the superuser is configured in shiro.ini.

That is correct.

 

The killbill dockerfile sets the config path to classpath:shiro.ini.
https://github.com/killbill/killbill-cloud/blob/2d4a950607a701c5b8d57ef4f653115161002267/docker/templates/killbill/latest/Dockerfile#L13

I can't find the shiro.ini file in the killbill-cloud repository only in the killbill src
https://github.com/killbill/killbill/blob/73df2253ad000c3596193983928cc3a449184770/profiles/killbill/src/main/resources/shiro.ini
To change it I need to extend the killbill image set a different path to the config file and include it?

The idea is that you submit your own shiro.ini file (with the definition of your user/roles/pwd) and specify that file through a environment property (KILLBILL_SHIRO_RESOURCE_PATH) when starting your docker container as explained in the README.

 

Isn't it unsafe to keep the superuser password in plaintext?

Password management is always tricky. If your servers are behind  firewalls this is **maybe good enough**. If not, shiro provides ways to encrypt the passwords if this is what you want to do.

 

>  
> After I login I'm getting a warning:
>
> "Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
>

You can safely ignore that warning. It juts tells you KAUI does not know about any tenants yet (until you create/add them using the '/admin_tenants.')

 

> It will be helpful to see a link to /admin_tenants.

It should be visible under that 'gears' icon. Which version of KAUI are you using?

 

>
>
>
> I don't see links to tenant management like /admin_tenants in the kaui menu.
>
>
>
>
>
> All that is because you don't have correct permissions. Once you are logged in a with a user that has enough permissions, should see the menu on the right (it looks like gears), and be able to manage your user/tenants from KAUI.

If the superuser is defined with *:* why don't I have enough permissions?

Actually i just verified the user/tenants links from KAUI are *always* visible. See the demo we have set up and the screenshot i attached below.

 

>  
> The new tenants form has a checkbox 'Create tenant'. Why do I need a checkbox if this is a create tenant form?
>
> http://127.0.0.1:9090/admin_tenants/new
>
>
>
>
> The checkbox 'was' there to specify if KAUI should attempt to create the tenant in Kill Bill or not (when tenant already exists in KB, we just want to make it tenant visible through KAUI). However in the latest version of KAUI we removed the checkbox (the code will automatically detect if tenant already exists and do the appropriate thing). Attached a screenshot of that screen (without the checkbox).
>
>
>
>
> Is the new tenants form equivalent to the api /tenants post command?
>
> curl -uadmin:password \
>
>         -X POST \
>
>         -H 'Content-Type: application/json' \
>
>         -H 'X-Killbill-CreatedBy: admin' \
>
>         -d '{"apiKey": "bob", "apiSecret": "lazar"}' \
>
>         http://127.0.0.1:8080/1.0/kb/tenants
>
>
> Yes.
>  
>
>
>
> After creating the tenant I can't access it from the tenants table.
>
> I'm getting an error: Does not have permissions to see tenant id 1
>
> http://127.0.0.1:9090/admin_tenants/1
>
>
>
>
> Permission issue.

Thanks

--
You received this message because you are subscribed to the Google Groups "Kill Bill users mailing-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to killbilling-us...@googlegroups.com.
To post to this group, send email to killbill...@googlegroups.com.
Visit this group at https://groups.google.com/group/killbilling-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/killbilling-users/de91ed97-b45f-489e-b64f-12c63b47841e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[pablo...@gmail.com]

On Tuesday, April 19, 2016 at 3:08:33 AM UTC+3, stephane brossier wrote:
> On Mon, Apr 18, 2016 at 12:50 PM, <pablo...@gmail.com> wrote:
> Hi Stephane,
>
>
>
> On Monday, April 18, 2016 at 9:02:07 PM UTC+3, stephane brossier wrote:
>
> > Hi Pablo,
>
> >
>
> >
>
> >
>
> >
>
> > On Thu, Apr 14, 2016 at 9:51 AM,  <pablo...@gmail.com> wrote:
>
> > Hi,
>
> >
>
> >
>
> >
>
> > What are the required steps after running inside docker with 'make run-kb' and installing the database dlls?
>
> >
>
> >
>
> >
>
> > The default kaui superuser is admin/password.
>
> >
>
> > Where is it defined when using docker-compose? How can I change the password?
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > You should probably user management guide we write a while ago (in particular it explains where the default admin/password are configured)
>
> >
>
>
>
> The user management guide says that the superuser is configured in shiro.ini.
>
>
>
> That is correct.
>  
> The killbill dockerfile sets the config path to classpath:shiro.ini.
>
> https://github.com/killbill/killbill-cloud/blob/2d4a950607a701c5b8d57ef4f653115161002267/docker/templates/killbill/latest/Dockerfile#L13
>
>
>
> I can't find the shiro.ini file in the killbill-cloud repository only in the killbill src
>
> https://github.com/killbill/killbill/blob/73df2253ad000c3596193983928cc3a449184770/profiles/killbill/src/main/resources/shiro.ini
>
> To change it I need to extend the killbill image set a different path to the config file and include it?
>
>
>
>
>
> The idea is that you submit your own shiro.ini file (with the definition of your user/roles/pwd) and specify that file through a environment property (KILLBILL_SHIRO_RESOURCE_PATH) when starting your docker container as explained in the README.

What path is classpath:shiro.ini?
Can I use absolute path instead?

>
>
>
>
>  
> Isn't it unsafe to keep the superuser password in plaintext?
>
>
>
>
>
> Password management is always tricky. If your servers are behind  firewalls this is **maybe good enough**. If not, shiro provides ways to encrypt the passwords if this is what you want to do.
>  
> >  
>
> > After I login I'm getting a warning:
>
> >
>
> > "Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
>
> >
>
>
>
>
>
> You can safely ignore that warning. It juts tells you KAUI does not know about any tenants yet (until you create/add them using the '/admin_tenants.')
>  
> > It will be helpful to see a link to /admin_tenants.
>
>
>
>
>
> It should be visible under that 'gears' icon. Which version of KAUI are you using?

I'm using the docker-compose yml from:
https://github.com/killbill/killbill-cloud/blob/master/docker/compose/docker-compose.kb.yml

It is using kaui:0.3.0. Should it be kaui:latest instead?

The README says to load the ddl of 0.16 instead of 0.15. Should it be changed too?
curl -s http://docs.killbill.io/0.15/ddl.sql


Now I'm getting 'We're sorry, but something went wrong.' When trying to login with admin/password.
curl to the api gives me 404:
curl -v -uadmin:password http://127.0.0.1:8080/1.0/kb/security/subject

How can I debug it?

[stephane brossier]

[...] 

>
>
>
> The idea is that you submit your own shiro.ini file (with the definition of your user/roles/pwd) and specify that file through a environment property (KILLBILL_SHIRO_RESOURCE_PATH) when starting your docker container as explained in the README.

What path is classpath:shiro.ini?

By default the webapp contains a shiro.ini (under  WEB-INF/classes/shiro.ini). This is used by default.

Can I use absolute path instead?

Yes you can:

KILLBILL_SHIRO_RESOURCE_PATH=file:/XXX/shiro.ini 

[...]

 

>
>
> It should be visible under that 'gears' icon. Which version of KAUI are you using?

I'm using the docker-compose yml from:
https://github.com/killbill/killbill-cloud/blob/master/docker/compose/docker-compose.kb.yml

It is using kaui:0.3.0. Should it be kaui:latest instead?

This is indeed quite old (we did not update the compose.yml in our cloud repo). You should use the latest one (0.7.2 instead) 

 

The README says to load the ddl of 0.16 instead of 0.15. Should it be changed too?
curl -s http://docs.killbill.io/0.15/ddl.sql

You should use the ddl matching your KB version (which most probably would 0.16). 

(On our side, we need to think on how to change that page to avoid having hardcoded version that will keep changing and confuse people)

 

Now I'm getting 'We're sorry, but something went wrong.' When trying to login with admin/password.
curl to the api gives me 404:
curl -v -uadmin:password http://127.0.0.1:8080/1.0/kb/security/subject

How can I debug it?

This is hard to answer in the abstract. Some pointers:

1. 404 means 'Not Found' so seems to indicate endpoint does not exist, which seems to indicate KB is not running (if you had 401 -> unauthorized, that's when shiro.ini comes in the picture)

2. Breakpoints on KB side

3. Tailing logs

Sorry no magic for you ;-(

Stéphane

 

[pablo...@gmail.com]

On Tuesday, April 19, 2016 at 11:32:38 PM UTC+3, stephane brossier wrote:
> [...] 
> >
>
> >
>
> >
>
> > The idea is that you submit your own shiro.ini file (with the definition of your user/roles/pwd) and specify that file through a environment property (KILLBILL_SHIRO_RESOURCE_PATH) when starting your docker container as explained in the README.
>
>
>
> What path is classpath:shiro.ini?
>
>
>
>
>
> By default the webapp contains a shiro.ini (under  WEB-INF/classes/shiro.ini). This is used by default.
>
>
>
>
>
>
>
>
>
>
> Can I use absolute path instead?
>
>
>
>
>
> Yes you can:
> KILLBILL_SHIRO_RESOURCE_PATH=file:/XXX/shiro.ini 
>
>
>
>
> [...]
>  
> >
>
> >
>
> > It should be visible under that 'gears' icon. Which version of KAUI are you using?
>
>
>
> I'm using the docker-compose yml from:
>
> https://github.com/killbill/killbill-cloud/blob/master/docker/compose/docker-compose.kb.yml
>
>
>
> It is using kaui:0.3.0. Should it be kaui:latest instead?
>
>
>
>
>
>
>
> This is indeed quite old (we did not update the compose.yml in our cloud repo). You should use the latest one (0.7.2 instead) 
>
>
>  
> The README says to load the ddl of 0.16 instead of 0.15. Should it be changed too?
>
> curl -s http://docs.killbill.io/0.15/ddl.sql
>
>
>
>
> You should use the ddl matching your KB version (which most probably would 0.16). 

The image name in the docker-compose script is killbill/killbill:latest so the ddl should also be latest. That will solve the confusion. If a specific version is needed, we can still use the /version/ url.

http://docs.killbill.io/latest/ddl.sql

The kaui ddl doesn't has a version:
https://raw.githubusercontent.com/killbill/killbill-admin-ui/master/db/ddl.sql

>
>
> (On our side, we need to think on how to change that page to avoid having hardcoded version that will keep changing and confuse people)
>
>
>
>
>
>
>  
>
>
>
>
>
> Now I'm getting 'We're sorry, but something went wrong.' When trying to login with admin/password.
>
> curl to the api gives me 404:
>
> curl -v -uadmin:password http://127.0.0.1:8080/1.0/kb/security/subject
>
>
>
> How can I debug it?
>
>
>
>
>
>
>
> This is hard to answer in the abstract. Some pointers:
> 1. 404 means 'Not Found' so seems to indicate endpoint does not exist, which seems to indicate KB is not running (if you had 401 -> unauthorized, that's when shiro.ini comes in the picture)
> 2. Breakpoints on KB side
> 3. Tailing logs
>
>
> Sorry no magic for you ;-(
>

I think that the listener in the killbill container failed because it depends of the database and ddl. I explained this in the other thread.

>
>
>
> Stéphane
>