User Management


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/lNNmAz0DCsc Import Date: 2016-01-19 21:02:20 +0000.
Sender:Ray West.
Date:Wednesday, 22 October 2014 22:55:02 UTC+1.

Hi, I have the dashboard up and running but had a little hiccup during setting up the org and user and now I have a user with no password set. How do I access the user list and/or delete orgs and users to start that process over?

Thanks


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 16:09:04 UTC+1.

Hi Ray,

I think I see the problem, looking at your two configurations it seems that the redis entries are different, also the dashboard is looking at the wrong port for Tyk, (my fault, because I haven’t synced up the default configs to use the same ports!).

Try using this tyk_analytics.conf:

{
“listen_port”: 3000,
“tyk_api_config”: {
“Host”: “http://localhost”,
“Port”: “8080”,
“Secret”: “352d20ee67be67f6340b4c0605b044b7”
},
“mongo_url”: “mongodb://localhost/tyk_analytics”,
“page_size”: 10,
“admin_secret”: “12345”,
“redis_port”: 6379,
“redis_host”: “localhost”,
“redis_password”: “YpAaZNjq8dtad2ikuedL”,
“force_api_defaults”: true,
“notify_on_change”: true,
“license_owner”: “Your Name”
}

You’ll see I’ve changed the password for redis and I’ve modified the tyk port to use 8080, this way the dashboard can talk to Tyk to create, add, edit and remove keys.

But, I also think you need to make sure that your mongodb is working (I am assuming it’s on the same host as the tyk_dashboard application), on your host, could you type the following commands:

[email protected]:~$ mongo

show dbs

You should get something like this:

admin (empty)
local 0.078GB
tyk_analytics 0.078GB

If you don’t see the tyk_analytics database, then it means that Tyk (and tyk-dashboard) can’t see the DB, so the connection string needs to be amended in both configuration files.

If you don’t have the mongo client or the mongo client can’t connect, then you can install them like this:

[email protected]:~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
[email protected]:~$ echo ‘deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen’ | sudo tee /etc/apt/sources.list.d/mongodb.list
[email protected]:~$ sudo apt-get update
[email protected]:~$ sudo apt-get install mongodb-org mongo-db mongodb-clients

Let me know how it goes.

Cheers,
Martin


#3

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 18:47:50 UTC+1.

OK, so I had tried the port issue, except the other way around… but changing the tyk server port to 5000. That did not work, but I also realize now that I missed the redis password in the dashboard config after you asked me to set one in the prior step.

So… success. I think it was likely both of those issues.

Final steps:

Set a password on Redis
Set that password in the tyk.conf and the dashboard conf (username in the tyk.conf file for Redis is not necessary)
Change the tyk port in the dashboard conf to 8080
Profit

Thanks so much!!

Ray


#4

Imported Google Group message.
Sender:Ray West.
Date:Wednesday, 22 October 2014 23:33:45 UTC+1.

Hi Ray,
The easiest thing to do would be to run the tyk-analytics application with the --newuser flag (like you do in initial setup, but without the --neworg flag). This will let you set up another admin user with a password. You should then be able to login and delete the user with an empty password (or set a new one).
Let me know how it goes - will raise an issue so that passwords ant be blank.
Thanks for using tyk!
Martin


#5

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 00:33:59 UTC+1.

Yeah, I tried that right after I wrote the above and no joy. I keep getting this even with a new user:

ERRO[0131] Could not EXPIRE key
ERRO[0131] ERR Client sent AUTH, but no password is set
ERRO[0131] Error trying to set value:
ERRO[0131] ERR Client sent AUTH, but no password is set
[128 ms] 301 ‘/login’
ERRO[0131] Error trying to get value:
ERRO[0131] ERR Client sent AUTH, but no password is set
ERRO[0131] Key not found
[1281 μs] 200 ‘/’
Thanks for any help.
Ray


#6

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 01:05:01 UTC+1.

Interesting that when I put in the wrong password I get a bad credentials message. When I put in the right info, I just get redirected to the login page. Happens consistently.


#7

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 06:49:56 UTC+1.

Looks like the Redis conf may not be correct - there is a known bug that Tyk doesn’t play nice with non-protected DBs (already fixed in master), try setting a password for REDIS in its own config and ensure you can connect and read keys with redis-cli. It would explain why you can’t seem to create new users.


#8

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 06:52:46 UTC+1.

In fact, the users are probably created, but Tyk stores the session data in REDIS, so if it can’t create the session it will refuse to log you in.


#9

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 13:04:16 UTC+1.

OK, I set a password in redis and added that password to the tyk.conf. Restarted everything (mongo, redis, tyk, dashboard). Same issue.

This is what I get when starting redis:

Tyk.io Gateway API v1.0

Copyright Jively Ltd. 2014

INFO[0000] No configuration file defined, will try to use default (./tyk.conf)
INFO[0000] Using Redis storage manager.
INFO[0000] Connecting to redis on: localhost:6379
INFO[0000] Setting up analytics DB connection
INFO[0000] Using MongoDB cache purge
INFO[0000] Connecting to redis on: localhost:6379
INFO[0000] Creating generic redis OAuth connection
INFO[0000] Connecting to redis on: localhost:6379
Listening on port: 8080
INFO[0000] Listening on [::]:8080
INFO[0000] Loading API Specification from apps/app_sample.json
INFO[0000] Loading API configurations.
INFO[0010] Not connected to analytics store, connecting…
It never moves past that.

I can set and get keys in redis.

when starting the dashboard, I get:

Tyk.io Analytics Dashboard v0.7

Copyright Jively Ltd. 2014


Listening on port: 3000
Tyk API at: http://localhost:5000
ERRO[0034] Error trying to get value:
ERRO[0034] ERR invalid password
ERRO[0034] Key not found
[3 ms] 200 ‘/’
[321 μs] 304 ‘/styles/1f2549a3.sb-admin.css’
[38 μs] 304 ‘/styles/4aaae68d.bootstrap.min.css’
[251 μs] 304 ‘/images/13ca04d6.esher.png’
[74 μs] 304 ‘/images/5c8902f4.tyk.png’
ERRO[0045] Could not EXPIRE key
ERRO[0045] ERR invalid password
ERRO[0045] Error trying to set value:
ERRO[0045] ERR invalid password
[129 ms] 301 ‘/login’
ERRO[0045] Error trying to get value:
ERRO[0045] ERR invalid password
ERRO[0045] Key not found
[2 ms] 200 ‘/’

Bad credentials message with a bad password, refresh of login page and no message with a good password.

Really appreciate the help. I would love to get this running.

Ray


#10

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 13:47:52 UTC+1.

Looking at the output from tyk, it all seems to be working OK, the message about the analytics store is usually the last thing you see, so Tyk is running ok.

You can see if Tyk is behaving by trying to create an API key using the API, assuming you still have the default Tyk authentication key in your conf, this should create a key:

curl -H “x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7” -i -d ’
{
“allowance”: 999,
“rate”: 1000,
“per”: 60,
“expires”: 0,
“quota_max”: -1,
“quota_renews”: 1406121006,
“quota_remaining”: 0,
“quota_renewal_rate”: 60,
“org_id”: “0”
}’ http://localhost:8080/tyk/keys/create ; echo

You should see something like:

HTTP/1.1 200 OK
Content-Type: application/json
Date: Thu, 23 Oct 2014 12:24:00 GMT
Content-Length: 75

{“key”:“0b43859b080dd49316d3a4d9672fc1260”,“status”:“ok”,“action”:“create”}

Tyk should output:

INFO[0979] Generated new key - success. key=0b43859b080dd49316d3a4d9672fc1260

If all that appears in your console then Tyk is properly configured and is creating keys in Redis.

This might be a stupid question, but have you updated the tyk_analyitcs.conf file? It should have all the same redis details as the tyk.conf file, it looks like this:

{
“listen_port”: 3000,
“tyk_api_config”: {
“Host”: “http://localhost”,
“Port”: “5000”,
“Secret”: “352d20ee67be67f6340b4c0605b044b7”
},
“mongo_url”: “mongodb://localhost/tyk_analytics”,
“page_size”: 10,
“admin_secret”: “12345”,
“redis_port”: 6379,
“redis_host”: “localhost”,
“redis_password”: “test”,
“force_api_defaults”: true,
“notify_on_change”: true,
“license_owner”: “Your Name”
}

They are separate because the dashboard assumes it may be running on a different host, or may be using a different redis server for it’s purposes. You should be able to log in even without Redis though, redis in the dashboard is only used for session storage and some pub/sub stuff. It might be that Tyk-dashboard can’t see your MongoDB, you just need to make sure the settings in tyk_analytics.conf are the same as in your tyk.conf.

Let me know how that goes…

Cheers,
M.


#11

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 14:43:40 UTC+1.

Thanks a lot for the help!

I used your key creation and tyk responded exactly as expected on both sides (after the curl and in the monitor).

tyk.conf
{“listen_port”:8080,
“secret”:“352d20ee67be67f6340b4c0605b044b7”,
“template_path”:“templates/”,
“use_db_app_configs”:false,
“app_path”:“apps/”,
“storage”:
{“type”:“redis”,
“host”:“localhost”,
“port”:6379,
“username”:“admin”,
“password”:“YpAaZNjq8dtad2ikuedL”},
“enable_analytics”:true,
“analytics_config”:{“type”:“mongo”,
“csv_dir”:"/tmp",
“mongo_url”:“mongodb://localhost/tyk_analytics”,
“mongo_db_name”:“tyk_analytics”,
“mongo_collection”:“tyk_analytics”,
“purge_delay”:10}}


#12

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 23 October 2014 14:44:20 UTC+1.

Sorry. Premature Postulation. Remainder coming.


#13

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 14:50:17 UTC+1.

tyk dashboard conf

{

"listen_port": 3000,

"tyk_api_config": {

    "Host": "http://localhost",

    "Port": "5000",

    "Secret": "352d20ee67be67f6340b4c0605b044b7"


},

"mongo_url": "mongodb://localhost/tyk_analytics",

"page_size": 10,


"admin_secret": "12345",

"redis_port": 6379,

"redis_host": "localhost",

"redis_password": "test",

"force_api_defaults": true,

"notify_on_change": true,

“license_owner”: “Your Name”}

Same result as before in the dashboard.
Sorry to be a pain. Really appreciate your help. Everything looks good except that the login refreshing. This is in Chrome and Firefox on a Mac.
Ray


#14

Imported Google Group message.
Sender:Ray West.
Date:Thursday, 23 October 2014 16:09:04 UTC+1.

Hi Ray,

I think I see the problem, looking at your two configurations it seems that the redis entries are different, also the dashboard is looking at the wrong port for Tyk, (my fault, because I haven’t synced up the default configs to use the same ports!).

Try using this tyk_analytics.conf:

{
“listen_port”: 3000,
“tyk_api_config”: {
“Host”: “http://localhost”,
“Port”: “8080”,
“Secret”: “352d20ee67be67f6340b4c0605b044b7”
},
“mongo_url”: “mongodb://localhost/tyk_analytics”,
“page_size”: 10,
“admin_secret”: “12345”,
“redis_port”: 6379,
“redis_host”: “localhost”,
“redis_password”: “YpAaZNjq8dtad2ikuedL”,
“force_api_defaults”: true,
“notify_on_change”: true,
“license_owner”: “Your Name”
}

You’ll see I’ve changed the password for redis and I’ve modified the tyk port to use 8080, this way the dashboard can talk to Tyk to create, add, edit and remove keys.

But, I also think you need to make sure that your mongodb is working (I am assuming it’s on the same host as the tyk_dashboard application), on your host, could you type the following commands:

[email protected]:~$ mongo

show dbs

You should get something like this:

admin (empty)
local 0.078GB
tyk_analytics 0.078GB

If you don’t see the tyk_analytics database, then it means that Tyk (and tyk-dashboard) can’t see the DB, so the connection string needs to be amended in both configuration files.

If you don’t have the mongo client or the mongo client can’t connect, then you can install them like this:

[email protected]:~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
[email protected]:~$ echo ‘deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen’ | sudo tee /etc/apt/sources.list.d/mongodb.list
[email protected]:~$ sudo apt-get update
[email protected]:~$ sudo apt-get install mongodb-org mongo-db mongodb-clients

Let me know how it goes.

Cheers,
Martin