Can’t retrieve amadmin password

This topic contains 6 replies, has 2 voices, and was last updated by  8427C399-9811-4941-A0B3-92AF6BF19CD9 1 month, 1 week ago.

  • Author
    Posts
  • #26865

    Following https://backstage.forgerock.com/docs/platform/6.5/eks-cookbook/
    forgeops 6.5.2
    AWS EKS, kubernetes versions 11,13 and 14 all same result…

    After the deployment I try (4.1.2. Accessing AM Services), to get the amadmin password with:

    kubectl get configmaps amster-config -o yaml | grep adminPwd

    and get back null as a password.

    Try signing in as amadmin with blank password (doesn’t work thankfully)
    Try signing in with password defined in samples/config/prod/s-cluster/common.yaml (doesn’t work)

    kubectl logs amster-xxxxxxxxxx-yyyyy -c amster -f doesn’t show any errors and does show all expected output as defined in the cookbook.

    Why does that command to retrieve the password fail?
    How do I control the amadmin password?
    It’s not clear if the password I should be retrieving is randomly generated or controlled by a config file.
    Which is it?

    Thanks!

    #26867
     Warren Strange 
    Participant

    The helm chart either takes a value that you explicitly set on deployment (in a values.yaml file, or a –set option) – OR if not set, it generates a random 10 character passsword.

    This is the template in the amster-config map:

    --adminPwd {{ if .Values.amadminPassword }}{{ .Values.amadminPassword }}{{ else }}{{ randAlphaNum 10 | quote }}{{end}}

    So grep for the value “adminPwd”.

    If for some reason this is set to null, that looks like some kind of deployment error. You will need to redeploy.

    Aside, if you are not too far down the road on the 6.52 install, I recommend looking at the skaffold-6.5 preview branch. It is a simpler workflow that is much easier to deploy. The technical preview docs are work in progress – but you can look at the EA docs: https://ea.forgerock.com/docs/platform/devops-guide-minikube/index.html

    #26868
     Warren Strange 
    Participant

    Grep for adminPwd (perhaps dump the entire config map)

    #26870

    I think the problem may be how I am calling deploy.sh or deploying amster?

    I have tried several different ways to deploy and gotten very consistent results–password is always null

    Using the 100% stock FR CDM code, I am deploying amster with:

    ./deploy.sh ../samples/config/prod/s-cluster/

    Is this right? Are there some other parameters or custom config files I need to pass?

    Using my custom code I do:

    helm --home $HOME/.helm --kubeconfig "$HOME/.kube/${EKS_CLUSTER_NAME}" install --name ${EKS_CLUSTER_NS}-amster --namespace ${EKS_CLUSTER_NS} \
    --values ${CONF_DIR}/common.yaml --values ${CONF_DIR}/amster.yaml ../helm/amster

    Both methods result in a null amadmin password.

    Can you please provide the correct parameters and config files to ensure that amster is being deployed in a way that allows it to auto generate a retrievable password?

    Thanks!

    #26871
     Warren Strange 
    Participant

    If you use the deploy.sh it uses the override values set under the samples directory. The amadminPassword is set to “password” in common.yaml

    Try to use helm template instead of helm install – it will show you the yaml value that would be sent to the cluster.

    You can also try to add –set amadminPassword=foo on the command line

    #26872

    When using ./deploy.sh ../samples/config/prod/s-cluster/ with 12 amadminPassword: password in ../samples/config/prod/s-cluster/common.yaml, the amadmin password is NOT being set to “password”. Or at least when I try to retrieve it, I am getting null instead of “password”

    So there is some disconnect somewhere. Either I am calling deploy.sh with the wrong parameters or there is a problem with the config file structure or config file content.

    The forgeops repo is 100% stock and I am in branch 6.5.2.
    Perhaps commenting out line 12 in common.yaml will force the auto-generation?

    #26874

    As I suspected, commenting line 12 in ./samples/config/prod/s-cluster/common.yaml

    12 #amadminPassword: password, forced amster to auto-generate a random password.

    Thanks for the clarification that made this resolution possible!

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?