Hello
I deployed renku helm chart and all components are up and running. I logged into keycloak and i setup federation using LDAP. now i’m able to connect to gitlab but not to runku(renku-ui)
in renku-ui, when i click in login button, i get this error:
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
when i check in the keycloak, in renku realm there are only two clients related to renku (gitlab and renku) in documentation i see that 4 clients must be created .
is my issue related to this keycloak config ?
Thanks
Regarding the Internal Server error, do you see any errors in the logs of gateway and/or keycloak pods?
To take the LDAP configuration factor out: are you able to register a test user (without LDAP) and login with it?
The clients in the Renku realm should look something like this:
account /auth/realms/Renku/account
admin-cli Not defined
broker Not defined
gitlab https://renku.mydomain.com/gitlab
realm-management Not defined
renku https://renku.mydomain.com
security-admin-console /auth/admin/Renku/console/index.html
I get this error in renku-gateway-auth logs:
ERROR in app: Exception on /api/auth/gitlab/token [GET] …
oauthlib.oauth2.rfc6749.errors.InvalidClientError: (invalid_client) Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
I created a user in Keycloak, disabled the LDAP and as usual I’m able to connect to gitlab but not to renku I still having the same issue
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
@abella91 can you try restarting the renku-gateway-auth? (scale down the deployment to 0 and then back to 1 or simply deleting the pod).
It happens that when you make changes to identity providers or user federations, the authentication component in Renku (gateway) needs to update the key it uses to interact with keycloak.
Hello,
I scaled down then up but i still having this error in the logs of the pod enku-gateway-auth-xyzxyz
ERROR in app: Exception on /api/auth/gitlab/token [GET] …
oauthlib.oauth2.rfc6749.errors.InvalidClientError: (invalid_client) Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
After executing of the helm chart, how many clients should be created in the keycloak renku realm?
Hi @abella91 and sorry for the late response. The answer to your question ist one or two, depending on wether you use a pre-existing GitLab or if you deploy one with RenkuLab. The clients that should be created in the Renku realm during the helm install are defined here: renku/_keycloak-clients-users.tpl at master · SwissDataScienceCenter/renku · GitHub
It might be easiest to help you if you could post your values file here (after obfuscating the secrets of course).
Hello @andreas and thank you for your response.
I used the script renku/make-values.sh at master · SwissDataScienceCenter/renku · GitHub (make-values.sh -domain mydomain.com --output-file renku-values.yaml)to generate my config values
All components (renku, gitlab and keycloak) are created during the chart installation and
after installation, i got 2 clients (gitlab and renku) for the renku releam in keycloak
Do you need all the config values(file renku-values.yaml) or just few of them
Ah, it’s good to know that you used that script. I’ll run it myself to see if there’s some problem with the resulting values file and get back to you. Just one more question: which version of the Renku chart did you deploy?
Hello, I installed the chart via this command: helm upgrade --install renku renku/renku --namespace renku -f renku-values.yaml and the installed version of the chart is renku-0.7.6
@abella91 just checking: are you using the latest make-values.sh script or the one that came with tag 0.7.6? we had fixed a bug/typo in the script you might want to take a look fix: move to helm-chart and fix anchor in tmpl · SwissDataScienceCenter/renku@fd96216 · GitHub
If this is the case, you basically need to change value of notebooks.jupyterhub.hub.services.gateway.apiToken to &gwJHclientSecret instead of &gwJHclientId (line 212).
Hello, thank you. when i used the script i got this bug/typo and I corrected it in my local cloned renku repository and renku-values.yaml was generated
I managed to reproduce your problem @abella91. The fix is a one-liner (as so often). See this PR for the necessary change. There’s no need to regenerate your values file. Replacing the random string with the same YAML alias in your rendered values file and re-deploying should be enough. Please let me know if this fixes your problem.
