Getting 401 when running discovery scan using event mgmt. agent installed on docker on Windows10
I am trying to install a docker container with the event management agent on my local Windows desktop (windows 10). This is the credential section of the agent YAML file:
authentication:
- properties:
- value: basicAuthentication
name: type
protocol: semp
credentials:
- properties:
- name: username
value: broker_a_vpn_a-admin
- name: password
value: ${2b2hqt0e9702u1rj5dcpcge9rt}
source: ENVIRONMENT_VARIABLE
operations:
- name: ALL
I replaced the password value to ${AEM_PASSWORD} and supplied the value while creating the docker container.
docker run -d -p 8180:8180 -v "C:\Users\DeepankarBhowmick\Downloads\Edge\event_management_agent.yml:/config/ema.yml" --env AEM_PASSWORD=2b2hqt0e9702u1rj5dcpcge9rt --name event-management-agent solace/event-management-agent:latest
The docker image is being created successfully, and the agent starts successfully. Here is the ENV section inside the docker container (see in italics the value set correctly):
"Env": [
"AEM_PASSWORD=2b2hqt0e9702u1rj5dcpcge9rt",
"PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/ema/terraform",
"JAVA_HOME=/opt/java/openjdk",
"LANG=en_US.UTF-8",
"LANGUAGE=en_US:en",
"LC_ALL=en_US.UTF-8",
"JAVA_VERSION=jdk-17.0.10+7",
"HOME=/home/emauser",
"GITHASH=ecb2b23be0590930d0ea8ba0b95cc43b15dc0f48",
"GITBRANCH=main",
"BUILD_TIMESTAMP=Thu Aug 15 23:02:33 UTC 2024"
]
The agent also connects successfully with the broker:
But when I perform the discovery run scan - it fails with a 401 with the following message in the docker logs:
Error during SEMP Data Collection. Could not authenticate with the server. Check that the SEMP username and password are correct.
401 Unauthorized from GET https://mr-connection-<id>.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/broker_a_vpn_a/queues
What could be the reason? I already tried providing the password from another Windows variable (AEM_PASSWORD=%WINDOWS_VARIABLE%) during the docker container creation phase - same issue.
It appears that while running the discovery scans - the agent is unable to get the username and password.
Answers
-
A few questions:
- Is it a cloud event broker that is available in Event Portal?
- Do you generate the YAML file in Event Portal?
- Can you login to your broker using the credentials you provided?
0 -
Yes, the broker is available in the cloud.
I can use the SEMP credentials and call the SEMP URL using Postman.
The agent also gets connected with green status (as shown in the image).
Only when I try to run the discovery scans - I get the error message in docker logs where the agent is running.
0 -
Ok, did you generate the YAML in Event Portal after having added the broker to the agent?
0 -
Yes I generated the YAML file from event portal. Here is the credential part:
plugins:
resources:- id: ano4aj0h6rm
type: solace
name: broker_a
connections:- name: broker_a
url: https://mr-connection-4y5kglkyr9p.messaging.solace.cloud:943
properties:- value: broker_a_vpn_a
name: msgVpn - value: 100
name: sempPageSize
authentication: - properties:
- value: basicAuthentication
name: type
protocol: semp
credentials: - properties:
- name: username
value: ${AEM_USERNAME} - name: password
value: ${AEM_PASSWORD}
source: ENVIRONMENT_VARIABLE
operations: - name: ALL
- name: username
- value: basicAuthentication
- value: broker_a_vpn_a
- name: broker_a
Here is the docker container create command:
docker run -d -p 8180:8180 -v "C:\Users\DeepankarBhowmick\Downloads\Edge\event_management_agent.yml:/config/ema.yml" --env AEM_USERNAME=abcd --env AEM_PASSWORD=1234 --name aem solace/event-management-agent:latest
I can see inside the docker that the ENV variables are created also.
0 - id: ano4aj0h6rm
-
Ok, I think the issue is with the use of quotes and double-quotes for the environment variables and the specificities of your OS environment.
As this is a cloud broker, could you try to keep the YAML file as generated by Event Portal and not add any environment variables?
0 -
This is the content of the generated YAML file:
- properties:
- name: username
value: broker_a_vpn_a-admin
- name: password
value: ${2b2hqt0e9702u1rj5dcpcge9rt} - source: ENVIRONMENT_VARIABLE
The password is interpolated. Docker expects an environment variable by that name - but it does not finds one.
0 - properties:
-
I did a test to verify if the ENV variables are being read by the agent. And it does!!!
I made a change here - I supplied the url as AEM_URL ENV variable
eventPortal:
runtimeAgentId: ${EP_RUNTIME_AGENT_ID:b7icvt7r7zc}
organizationId: ${EP_ORGANIZATION_ID:0ob7ei1aahy}
gateway:
id: g527g4hnak7
name: US East EVMR
messaging:
standalone: false
rtoSession: false
enableHeartbeats: true
testHeartbeats: true
connections:
- name: eventPortalGateway
authenticationType: ${EP_GATEWAY_AUTH:basicAuthentication}
msgVpn: ${EP_GATEWAY_MSGVPN:us-east-evmr}
url: ${AEM_URL}
users:
- password: I!.vcOFcFUb4Bx0@K$$vkd#0
name: messaging1
clientName: client_b7icvt7r7zc
username: ${EP_GATEWAY_USERNAME:0ob7ei1aahy-s9wvaukj0oo-b7icvt7r7zc}And the agent was able to connect properly with the broker. But it's not working for the password.
0 -
Windows is picky with quotes.
With cloud brokers, you can just leave the username and password in plain text and it should work.
0 -
Even if I hardcode the values of the password in the YAML file. I get the same error:
Error during SEMP Data Collection. Could not authenticate with the server.Check that the SEMP username and password are correct.
401 Unauthorized from GET https://mr-connection-4y5kglkyr9p.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/broker_a_vpn_a/queues
0 -
Ok. Could you try playing with quotes and double-quotes around the username and password?
I will also create a bug to investigate this issue with Windows.
0 -
This is how the ENV looks like in the docker container. Pretty straightforward. It would be good if you can check this with Solace internal team and provide some help. I am from SAP and we have partnership with Solace - want to showcase the capabilities to a customer.
0 -
I discovered an interesting thing. The agent seems to authenticate using the credentials of the YAML file as it appears inside the event portal and is completely ignoring the YAML file that I explicitly provide.
I installed HTTP Toolkit to intercept all the calls from the docker container and here is what I found.
0 -
This issue was resolved in running the Docker command in the Windows Power Shell Terminal.
1
