Getting 401 when running discovery scan using event mgmt. agent installed on docker on Windows10

deepankar_bhowmick
deepankar_bhowmick Member Posts: 8
edited August 20 in General Discussions #1

I am trying to install a docker container with the event management agent on my local Windows desktop (windows 10). This is the credential section of the agent YAML file:

authentication:
- properties:
- value: basicAuthentication
name: type
protocol: semp
credentials:
- properties:
- name: username
value: broker_a_vpn_a-admin
- name: password
value: ${2b2hqt0e9702u1rj5dcpcge9rt}
source: ENVIRONMENT_VARIABLE
operations:
- name: ALL

I replaced the password value to ${AEM_PASSWORD} and supplied the value while creating the docker container.

docker run -d -p 8180:8180 -v "C:\Users\DeepankarBhowmick\Downloads\Edge\event_management_agent.yml:/config/ema.yml" --env AEM_PASSWORD=2b2hqt0e9702u1rj5dcpcge9rt --name event-management-agent solace/event-management-agent:latest

The docker image is being created successfully, and the agent starts successfully. Here is the ENV section inside the docker container (see in italics the value set correctly):

"Env": [
"AEM_PASSWORD=2b2hqt0e9702u1rj5dcpcge9rt",
"PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/ema/terraform",
"JAVA_HOME=/opt/java/openjdk",
"LANG=en_US.UTF-8",
"LANGUAGE=en_US:en",
"LC_ALL=en_US.UTF-8",
"JAVA_VERSION=jdk-17.0.10+7",
"HOME=/home/emauser",
"GITHASH=ecb2b23be0590930d0ea8ba0b95cc43b15dc0f48",
"GITBRANCH=main",
"BUILD_TIMESTAMP=Thu Aug 15 23:02:33 UTC 2024"
]

The agent also connects successfully with the broker:

But when I perform the discovery run scan - it fails with a 401 with the following message in the docker logs:

Error during SEMP Data Collection. Could not authenticate with the server. Check that the SEMP username and password are correct.

401 Unauthorized from GET https://mr-connection-<id>.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/broker_a_vpn_a/queues

What could be the reason? I already tried providing the password from another Windows variable (AEM_PASSWORD=%WINDOWS_VARIABLE%) during the docker container creation phase - same issue.

It appears that while running the discovery scans - the agent is unable to get the username and password.

Answers

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    Hi @deepankar_bhowmick,

    A few questions:

    • Is it a cloud event broker that is available in Event Portal?
    • Do you generate the YAML file in Event Portal?
    • Can you login to your broker using the credentials you provided?

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8
    edited August 20 #3

    Yes, the broker is available in the cloud.

    I can use the SEMP credentials and call the SEMP URL using Postman.

    The agent also gets connected with green status (as shown in the image).

    Only when I try to run the discovery scans - I get the error message in docker logs where the agent is running.

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    Ok, did you generate the YAML in Event Portal after having added the broker to the agent?

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8
    edited August 20 #5

    Yes I generated the YAML file from event portal. Here is the credential part:

    plugins:
    resources:

    • id: ano4aj0h6rm
      type: solace
      name: broker_a
      connections:
      • name: broker_a
        url: https://mr-connection-4y5kglkyr9p.messaging.solace.cloud:943
        properties:
        • value: broker_a_vpn_a
          name: msgVpn
        • value: 100
          name: sempPageSize
          authentication:
        • properties:
          • value: basicAuthentication
            name: type
            protocol: semp
            credentials:
          • properties:
            • name: username
              value: ${AEM_USERNAME}
            • name: password
              value: ${AEM_PASSWORD}
              source: ENVIRONMENT_VARIABLE
              operations:
            • name: ALL

    Here is the docker container create command:

    docker run -d -p 8180:8180 -v "C:\Users\DeepankarBhowmick\Downloads\Edge\event_management_agent.yml:/config/ema.yml" --env AEM_USERNAME=abcd --env AEM_PASSWORD=1234 --name aem solace/event-management-agent:latest

    I can see inside the docker that the ENV variables are created also.

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    Ok, I think the issue is with the use of quotes and double-quotes for the environment variables and the specificities of your OS environment.

    As this is a cloud broker, could you try to keep the YAML file as generated by Event Portal and not add any environment variables?

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8

    This is the content of the generated YAML file:

    • properties:
      - name: username
      value: broker_a_vpn_a-admin
      - name: password
      value: ${2b2hqt0e9702u1rj5dcpcge9rt}
    • source: ENVIRONMENT_VARIABLE

    The password is interpolated. Docker expects an environment variable by that name - but it does not finds one.

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8

    I did a test to verify if the ENV variables are being read by the agent. And it does!!!

    I made a change here - I supplied the url as AEM_URL ENV variable

    eventPortal:
    runtimeAgentId: ${EP_RUNTIME_AGENT_ID:b7icvt7r7zc}
    organizationId: ${EP_ORGANIZATION_ID:0ob7ei1aahy}
    gateway:
    id: g527g4hnak7
    name: US East EVMR
    messaging:
    standalone: false
    rtoSession: false
    enableHeartbeats: true
    testHeartbeats: true
    connections:
    - name: eventPortalGateway
    authenticationType: ${EP_GATEWAY_AUTH:basicAuthentication}
    msgVpn: ${EP_GATEWAY_MSGVPN:us-east-evmr}
    url: ${AEM_URL}
    users:
    - password: I!.vcOFcFUb4Bx0@K$$vkd#0
    name: messaging1
    clientName: client_b7icvt7r7zc
    username: ${EP_GATEWAY_USERNAME:0ob7ei1aahy-s9wvaukj0oo-b7icvt7r7zc}

    And the agent was able to connect properly with the broker. But it's not working for the password.

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    Windows is picky with quotes.

    With cloud brokers, you can just leave the username and password in plain text and it should work.

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8

    Even if I hardcode the values of the password in the YAML file. I get the same error:

    Error during SEMP Data Collection. Could not authenticate with the server.Check that the SEMP username and password are correct.

    401 Unauthorized from GET https://mr-connection-4y5kglkyr9p.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/broker_a_vpn_a/queues

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    Ok. Could you try playing with quotes and double-quotes around the username and password?

    I will also create a bug to investigate this issue with Windows.

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8

    This is how the ENV looks like in the docker container. Pretty straightforward. It would be good if you can check this with Solace internal team and provide some help. I am from SAP and we have partnership with Solace - want to showcase the capabilities to a customer.

  • deepankar_bhowmick
    deepankar_bhowmick Member Posts: 8

    I discovered an interesting thing. The agent seems to authenticate using the credentials of the YAML file as it appears inside the event portal and is completely ignoring the YAML file that I explicitly provide.

    I installed HTTP Toolkit to intercept all the calls from the docker container and here is what I found.

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 11 Solace Employee

    This issue was resolved in running the Docker command in the Windows Power Shell Terminal.