Cannot Add New User With Brand New Deployment on Ubuntu 20.04.5
jpmahon opened this issue · 8 comments
Ansible Deployment Release: (Latest) v2.1.0 (ACS 7.2.1)
OS: Ubuntu 20.04.5
vars/secret.yml :
repo_db_password: 'name1'
sync_db_password: 'name1'
reposearch_shared_secret: 'name1'
activemq_password: 'name1'
Ran the installation using pipenv without error.
- Logged in as admin/admin
- Pressed "Admin Tools"
- Pressed "Users"
- Pressed "New User"
- Filled Out Form by answering only required questions
- Pressed "Create User"
Error message: Failure / We couldn't create user .
Cannot find relevant Error message in logs.
One more detail:
Shell command to run ansible:
pipenv run ansible-playbook playbooks/acs.yml -i inventory_local.yml -e "@community-extra-vars.yml" -vvv
that's the same issue reported in Alfresco/acs-community-packaging#367
you can either apply manually this fix or use the current master of the playbook that already contains the fix (together with the acs 7.2 extra vars file because the default version is acs 7.3 since a few days)
I reproduced locally the issue on playbook 2.1.0 and then cherry-picked the fix and verified that users in share can be listed and created succesfully:
Gionn
The patch you suggest is in the playbook. I tried editing the resulting file i.e. /etc/opt/alfresco/content-services/classpath/alfresco/web-extension/share-config-custom.xml and I still could not create a user.
I could search and find users.
Does the playbook do something else with the patch other than create the file?
Can I run the playbook over again?
Thanks
John
I tried editing the resulting file i.e. /etc/opt/alfresco/content-services/classpath/alfresco/web-extension/share-config-custom.xml and I still could not create a user.
you probably need to restart alfresco-content service or changes won't be picked up
systemctl restart alfresco-content
You can re-run the playbook as many times you want, changes to config files are usually handled triggering a restart of the impacted services.
I restarted the whole computer and it still didn't work. I will try a fresh install with the modified playbook and see if that works.
Also in the #367 discussion there were two instances of "show-authorization-status>true" that were discussed i.e. in
/var/opt/alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/share-config.xml
/etc/opt/alfresco/content-services/classpath/alfresco/web-extension/share-config-custom.xml
Does the playbook change both of these?
Thanks
John
I did the fix in the playbook and reinstalled Alfresco.
The users could be listed but NOT created.
It was suggested that there might be a problem in the cors settings and that I should modify roles/repository/defaults/main.yml to reflect the correct CORS configuration or set enabled: false under the cors config section.
That worked for me.
So perhaps in your settings that had already been changed?
Thanks
John
I guess things were working ok on our side without further config because test has been done on localhost (which is the default CORS origin).
In order to have CORS and CSRF configured properly for any other domain read this: https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/SECURITY.md
And in particular for Share: https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/SECURITY.md#share-security-setup
Just confirming that this is not related to Alfresco/acs-community-packaging#367.
Alfresco/acs-community-packaging#367 is already fixed in the Ansible deployment for 7.4.0.1, so you can list users, but not create them. If you turns off CORS you can then create users.