EINVAL error on login
fengor opened this issue · 20 comments
Hi
i have been trying to get your vault-ui docker image to work on a multinode Kubernetes cluster (https://github.com/coreos/coreos-kubernetes/tree/master/multi-node/vagrant) but alwys get the following error message no matter which auth backend i use:
Error: Error: connect EINVAL 0.0.32.8:80 - Local (0.0.0.0:0)
I verified that i can reach the clusterip and the serviceport of the vault service as wella s the nodeip and nodeport of the vault service from inside the vault-ui container.
Any hints on how to debug this? The error message is meaning nothing to me. I can only suspect that there is some connectivity issue?
that works fine
NAME READY STATUS RESTARTS AGE
etcd-operator-346152359-t2czs 1/1 Running 0 3h
example-etcd-cluster-0000 1/1 Running 0 1h
example-etcd-cluster-0001 1/1 Running 0 1h
example-etcd-cluster-0002 1/1 Running 0 1h
vault-364488652-06k5c 1/1 Running 0 1h
vault-364488652-1v995 1/1 Running 0 1h
vault-ui-1028415239-xgvgn 1/1 Running 0 9m
[cloudie@eternia vagrant]$ kubectl exec -it vault-364488652-1v995 vault auth
Token (will be hidden):
Successfully authenticated! You are now logged in.
token: 793938fc-11f8-d18a-7f21-499d43273e0e
token_duration: 0
token_policies: [root]
[cloudie@eternia vagrant]$
yupp already tried it. the url i'm using is working fine with a different vault-ui project but the ux of that one isn't quite as good.
Just to clarify, are you having trouble reaching Vault-UI through your browser? Or are you having trouble reaching Vault from Vault-UI?
I'm having trouble reaching Vault from Vault-UI.
I've seen EINVAL when I was using the wrong protocol. Can you confirm that you are using the proper http/https endpoint with the port appended to the connection string?
I'm using the same endpoint that is working with the nyxcharon/vault-ui
I'm no knowing enough about react to be able to debug it further. and the container logs dont show an error either
In the Firefox console i see a request to http://172.17.4.201:30080/v1/auth/token/lookup-self?vaultaddr=10.3.0.87:8200 which gets a 500 Return Code and the response contains the following :
| errors | [1] |
|---|---|
| 0 | Error: connect EINVAL 0.0.32.8:80 - Local (0.0.0.0:0) |
0.0.32.8 is not a valid IP address
I'm not trying to access 0.0.32.8. I am trying to access: 10.3.0.87:8200
@fengor, you're missing the protocol scheme in your vault addr. That URI should either look like:
unsecure
http://172.17.4.201:30080/v1/auth/token/lookup-self?vaultaddr=http:%2F%2F10.3.0.87:8200
or
secure
http://172.17.4.201:30080/v1/auth/token/lookup-self?vaultaddr=https:%2F%2F10.3.0.87:8200
We could put logic in place where if it's missing, assume https, otherwise, that is definitely your issue.
Or just give a decent error message? Like check if the string starts with http?
Going to try with the protocol in the url tomorrow and will report.
I'd classify this as a missing input validation bug or at least unclear documentation.
I agree, thanks for the input. We'll leave this issue open until we have a fix.
Ok tested it with the protocol in front and the http://10.3.0.87:8200 successfully connects.
Insofar as handling the wrong input I'd prefer a simple and clear error message to prepending http/s:// if it misses since it could confuse an user if the wrong protocol was assumed.
I created a pull request with a quick fix to the readme.md that would have helped me to avoid this issue. That isn't a real fix but should help till the real fix is implemented
Closing per #204.