-
Notifications
You must be signed in to change notification settings - Fork 841
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4.0.0 skyhook token expired immediately after generation #2471
Comments
I was unable to log in from the CLI either, and the logs were spammed with the above destroying and re-creating the concourse stack allowed me to log in again |
I have also a 400 error after login. I'm using quickstart in Docker and the external URL When I'm using external URL |
@loganmzz That sounds like #2463 @eedwards-sk If you have multiple ATCs, this might actually be a case of #2425 which we'll be shipping a fix for soon. (If so would ya mind closing this as a dupe?) If it's a time desync issue there's honestly nothing we can do. You'd have to fix up your system clocks to be consistent. |
@vito Single ATC. This is from a local docker/compose style stack with a single web/atc node, single linux worker, and single darwin worker. Honestly I haven't tried reproing it lately since I gave up on the sky hook after this issue hit me the first time and I log in purely through the CLI now. I get a 100% login failure repro in the web UI now too, every time I sleep my computer, wake it back up later, and then try to log back in to an expired session in the web... when it redirects me the redirect always fails and I have to go back to the base URL and log in again. Time desync was a thought but in the original issue I had literally just launched a fresh stack in compose. (Edit: actually maybe it wasn't a fresh stack? it was a fresh login token... either way the logs were spammed with the message above and the stack had to be recreated to stop it) |
@eedwards-sk Have you tried to set Web/ATC Container hostname to |
I'm seeing this on multiple ATC but not on single ATCs. I have an environment spun up that I'm happy to donate in order to help folks debug this problem. The problem is clearly repeatable. The following errors occurred after this sequence of steps:
There are multiple errors that are displayed on the UI. Anything from a 500 to a 400 depending on values. I even tried clearing the teams table but to no avail. How does concourse store authentication data? In memory? Bouncing the box didn't help either. Perhaps I'm too much of an oAuth noob to begin to understand the root cause of this. I've also confirmed connectivity from node A to node B and have confirmed via docker inspect that the correct IP addresses are set for Peer-IP. @vito I'd love to help fix this if I knew where to start. |
@loganmzz What's the best way to do that? I'm using the concourse provided docker image for web. I am already setting I'd rather not have to build a custom docker image for this. Edit: also, this hostname resolves properly already... it's not a hostname DNS issue... I can immediately go back to the root URL after the login failure and it works. Edit: Okay, I've found how to set the hostname of the docker container. We'll see if that helps :)
|
Setting the hostname possibly made it worse?
Edit: Yeah, I had to revert forcing the hostname. I'm now just setting it to the docker container name (local-concourse-web). |
@eedwards-sk Container hostname can be set through I had same issue #2513. I couldnt't log as long as external URL were not resolvable from inside container. |
It's resolvable from inside.
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Logan Mzz <notifications@github.com>
Sent: Thursday, August 30, 2018 2:13:10 PM
To: concourse/concourse
Cc: Ethan Edwards; Mention
Subject: Re: [concourse/concourse] 4.0.0 skyhook token expired immediately after generation (#2471)
@eedwards-sk<https://github.com/eedwards-sk> Container hostname can be set through -h|--hostname from docker run. External URL must be both resolvable from your client Web Browser or Shell but also inside the container.
I had same issue #2513<#2513>. I couldnt't log as long as external URL were not resolvable from inside container.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#2471 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/Ag-68Q1BXudstO0QpVsNm3uGE0lMFzeXks5uWDlGgaJpZM4VyeUe>.
|
I'm going to close this since I haven't been able to repro on |
Bug Report
Getting a 'token expired' issue when trying to execute a fly command that logs me in through skyhook. Results in a 400 error on the sky token page and errors in logs.
execution flow:
Even though this was just generated now. Possibly a time desync issue? I'm running concourse in docker compose and was logging in from the local dev mac.
The text was updated successfully, but these errors were encountered: