Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Given token does not match calculated token #5

Closed
mikemorris opened this issue Aug 7, 2018 · 8 comments
Closed

Given token does not match calculated token #5

mikemorris opened this issue Aug 7, 2018 · 8 comments

Comments

@mikemorris
Copy link

mikemorris commented Aug 7, 2018
edited
Loading

I think I've almost got this working, but I'm hitting some trouble where it appears that both jvb and jicofo are unable to connect as prosody components? Testing this with default config (cp env.example .env), spinning up with sudo docker-compose up.

prosody_1  | jcp5589c98e94d0                         info       Incoming Jabber component connection
prosody_1  | jitsi-videobridge.meet.jitsi:component  info       Component authentication failed for jitsi-videobridge.meet.jitsi
prosody_1  | mod_component                           info       Disconnecting component, <stream:error> is: <stream:error><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Given token does not match calculated token</text></stream:error>
prosody_1  | jcp5589c98e94d0                         info       component disconnected: jitsi-videobridge.meet.jitsi (false)
jvb_1      | JVB 2018-08-07 06:09:20.936 SEVERE: [18] org.jitsi.meet.ComponentMain.call().323 not-authorized, host:xmpp.meet.jitsi, port:5347
jvb_1      | org.xmpp.component.ComponentException: not-authorized
jvb_1      |    at org.jivesoftware.whack.ExternalComponent.connect(ExternalComponent.java:243)
jvb_1      |    at org.jivesoftware.whack.ExternalComponentManager.addComponent(ExternalComponentManager.java:242)
jvb_1      |    at org.jivesoftware.whack.ExternalComponentManager.addComponent(ExternalComponentManager.java:222)
jvb_1      |    at org.jitsi.meet.ComponentMain$3.call(ComponentMain.java:315)
jvb_1      |    at org.jitsi.meet.ComponentMain$3.call(ComponentMain.java:300)
jvb_1      |    at org.jitsi.retry.RetryStrategy$TaskRunner.run(RetryStrategy.java:193)
jvb_1      |    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
jvb_1      |    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
jvb_1      |    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
jvb_1      |    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
jvb_1      |    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
jvb_1      |    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
jvb_1      |    at java.lang.Thread.run(Thread.java:748)
prosody_1  | jcp5589c98f3850                         info       Incoming Jabber component connection
prosody_1  | focus.meet.jitsi:component              info       Component authentication failed for focus.meet.jitsi
prosody_1  | mod_component                           info       Disconnecting component, <stream:error> is: <stream:error><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Given token does not match calculated token</text></stream:error>
prosody_1  | jcp5589c98f3850                         info       component disconnected: focus.meet.jitsi (false)

prosody_1  | jcp5589c97e0f10                         info       Incoming Jabber component connection
prosody_1  | focus.meet.jitsi:component              info       Component authentication failed for focus.meet.jitsi
prosody_1  | mod_component                           info       Disconnecting component, <stream:error> is: <stream:error><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Given token does not match calculated token</text></stream:error>
prosody_1  | jcp5589c97e0f10                         info       component disconnected: focus.meet.jitsi (false)
jicofo_1   | Aug 07, 2018 6:08:51 AM net.java.sip.communicator.util.Logger error
jicofo_1   | SEVERE: not-authorized, host:xmpp.meet.jitsi, port:5347
jicofo_1   | org.xmpp.component.ComponentException: not-authorized
jicofo_1   |    at org.jivesoftware.whack.ExternalComponent.connect(ExternalComponent.java:243)
jicofo_1   |    at org.jivesoftware.whack.ExternalComponentManager.addComponent(ExternalComponentManager.java:242)
jicofo_1   |    at org.jivesoftware.whack.ExternalComponentManager.addComponent(ExternalComponentManager.java:222)
jicofo_1   |    at org.jitsi.meet.ComponentMain$3.call(ComponentMain.java:315)
jicofo_1   |    at org.jitsi.meet.ComponentMain$3.call(ComponentMain.java:300)
jicofo_1   |    at org.jitsi.retry.RetryStrategy$TaskRunner.run(RetryStrategy.java:193)
jicofo_1   |    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
jicofo_1   |    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
jicofo_1   |    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
jicofo_1   |    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
jicofo_1   |    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
jicofo_1   |    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
jicofo_1   |    at java.lang.Thread.run(Thread.java:748)
jicofo_1   |
prosody_1  | c2s5589c97eb540                         info       Client connected
prosody_1  | c2s5589c97eb540                         info       Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
jicofo_1   | Aug 07, 2018 6:08:51 AM net.java.sip.communicator.util.Logger error
jicofo_1   | SEVERE: Failed to connect/login: SASLError using SCRAM-SHA-1: not-authorized
jicofo_1   | org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
jicofo_1   |    at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:291)
jicofo_1   |    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1096)
jicofo_1   |    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:994)
jicofo_1   |    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1010)
jicofo_1   |    at java.lang.Thread.run(Thread.java:748)
jicofo_1   |
prosody_1  | c2s5589c97eb540                         info       Client disconnected: connection closed

The initial web interface appears to be working, but when attempting to join a room it drops into a "Something went wrong, attempting to reconnect in 30s" loop.

The only clue I can find is that both jvb and jicofo appear to have some trouble setting up some config (before initiating the prosody connections)?

jvb_1      | JVB 2018-08-07 06:08:44.667 SEVERE: [10] impl.configuration.ConfigurationActivator.log() Error creating c lib instance for fixing file permissions
jvb_1      | java.nio.file.FileSystemException: /config: Operation not permitted
jvb_1      |    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
jvb_1      |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
jvb_1      |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
jvb_1      |    at sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:238)
jvb_1      |    at sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:260)
jvb_1      |    at java.nio.file.Files.setPosixFilePermissions(Files.java:2045)
jvb_1      |    at net.java.sip.communicator.impl.configuration.ConfigurationActivator.fixPermissions(ConfigurationActivator.java:166)
jvb_1      |    at net.java.sip.communicator.impl.configuration.ConfigurationActivator.start(ConfigurationActivator.java:87)
jvb_1      |    at org.jitsi.impl.osgi.framework.BundleImpl.start(BundleImpl.java:307)
jvb_1      |    at org.jitsi.impl.osgi.framework.launch.FrameworkImpl.startLevelChanged(FrameworkImpl.java:472)
jvb_1      |    at org.jitsi.impl.osgi.framework.startlevel.FrameworkStartLevelImpl$Command.run(FrameworkStartLevelImpl.java:137)
jvb_1      |    at org.jitsi.impl.osgi.framework.AsyncExecutor.runInThread(AsyncExecutor.java:122)
jvb_1      |    at org.jitsi.impl.osgi.framework.AsyncExecutor.access$000(AsyncExecutor.java:28)
jvb_1      |    at org.jitsi.impl.osgi.framework.AsyncExecutor$1.run(AsyncExecutor.java:231)

 SEVERE: Error creating c lib instance for fixing file permissions
jicofo_1   | java.nio.file.FileSystemException: /config: Operation not permitted
jicofo_1   |    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
jicofo_1   |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
jicofo_1   |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
jicofo_1   |    at sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:238)
jicofo_1   |    at sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:260)
jicofo_1   |    at java.nio.file.Files.setPosixFilePermissions(Files.java:2045)
jicofo_1   |    at net.java.sip.communicator.impl.configuration.ConfigurationActivator.fixPermissions(ConfigurationActivator.java:166)
jicofo_1   |    at net.java.sip.communicator.impl.configuration.ConfigurationActivator.start(ConfigurationActivator.java:87)
jicofo_1   |    at org.jitsi.impl.osgi.framework.BundleImpl.start(BundleImpl.java:307)
jicofo_1   |    at org.jitsi.impl.osgi.framework.launch.FrameworkImpl.startLevelChanged(FrameworkImpl.java:472)
jicofo_1   |    at org.jitsi.impl.osgi.framework.startlevel.FrameworkStartLevelImpl$Command.run(FrameworkStartLevelImpl.java:137)
jicofo_1   |    at org.jitsi.impl.osgi.framework.AsyncExecutor.runInThread(AsyncExecutor.java:122)
jicofo_1   |    at org.jitsi.impl.osgi.framework.AsyncExecutor.access$000(AsyncExecutor.java:28)
jicofo_1   |    at org.jitsi.impl.osgi.framework.AsyncExecutor$1.run(AsyncExecutor.java:231)

Ubuntu 16.04
docker-compose version 1.18.0, build 8dd22a9
Docker version 17.03.2-ce, build f5ec1e2
@saghul
Copy link
Member

saghul commented Aug 7, 2018

Hum. Is your config directory world read-writable ?

@mikemorris
Copy link
Author

mikemorris commented Aug 7, 2018
edited
Loading

Huh, yea I can poke around on the images a bit later to check, but it actually could be something like the directory simply doesn't exist or is missing permissions, ie the prosody run script makes sure the needed directories exist and are writable, maybe this is also needed for jvb and jicofo before attempting to write to /config...

@ztl8702
Copy link

ztl8702 commented Aug 15, 2018

I am also seeing this in the jicofo logs:

jicofo_1   | java.nio.file.FileSystemException: /config: Operation not permitted
jicofo_1   | 	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
jicofo_1   | 	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
jicofo_1   | 	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
jicofo_1   | 	at sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:238)
jicofo_1   | 	at sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:260)
jicofo_1   | 	at java.nio.file.Files.setPosixFilePermissions(Files.java:2045)
jicofo_1   | 	at net.java.sip.communicator.impl.configuration.ConfigurationActivator.fixPermissions(ConfigurationActivator.java:166)
jicofo_1   | 	at net.java.sip.communicator.impl.configuration.ConfigurationActivator.start(ConfigurationActivator.java:87)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.BundleImpl.start(BundleImpl.java:307)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.launch.FrameworkImpl.startLevelChanged(FrameworkImpl.java:472)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.startlevel.FrameworkStartLevelImpl$Command.run(FrameworkStartLevelImpl.java:137)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.AsyncExecutor.runInThread(AsyncExecutor.java:122)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.AsyncExecutor.access$000(AsyncExecutor.java:28)
jicofo_1   | 	at org.jitsi.impl.osgi.framework.AsyncExecutor$1.run(AsyncExecutor.java:231)

This persists after I explictly set /config to 777 from inside the container:

root@af8a3321326f:/config# chmod -R 777 /config
root@af8a3321326f:/config# ls -la
total 12
drwxrwxrwx 2 root root 4096 Aug 15 14:54 .
drwxr-xr-x 1 root root 4096 Aug 15 14:55 ..
-rwxrwxrwx 1 root root  141 Aug 15 11:52 sip-communicator.properties

@saghul
Copy link
Member

saghul commented Aug 16, 2018

@ztl8702 I mean the config directory you pass in the CONFIG env variable, not the one inside the container.

@saghul
Copy link
Member

saghul commented Aug 17, 2018

@mikemorris I think I know what your problem is. You ran docker-compose up as root, but since containers drop privileges I think they'll lose access to the /config mountpoint.

Please run it as a regular user instead.

@saghul saghul closed this as completed Aug 17, 2018
@mikemorris
Copy link
Author

mikemorris commented Aug 17, 2018
edited
Loading

Ahhh, yep, that sounds like it would quite possibly be the issue, as I was able to get the container running locally just fine on my machine and only encountered this issue when ssh'ing into a remote machine as a root user. Thanks!

@immanuelfodor immanuelfodor mentioned this issue Sep 4, 2018
Closed
@immanuelfodor
Copy link

@mikemorris Have you managed to solve the issue on the remote machine via SSH? I think I have the same problem in #11 but I couldn't find out how to make it work. Could you please help me with some insights on what steps you took to overcome your problem?

@immanuelfodor
Copy link

immanuelfodor commented Sep 20, 2018
edited
Loading

It seems we could solve it, the solution was to use https connection and port 8443 by default. All the previous trials that failed were initiated over http:8000.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@saghul @mikemorris @ztl8702 @immanuelfodor