Docker Community Forums

Share and learn in the Docker community.

Fail to login to UCP web console


(Clarence Ho) #1

After initial install, I am able to login to UCP web console.

However, I found that today I am not able to login.

I am using “admin” user, and I am sure that I entered the correct password.

From the controller’s container log, I see the following message:
{“level”:“info”,“msg”:“unauthorized: invalid authentication token provided 61.238.179.205:53073”,“remote_addr”:“61.238.179.205:53073”,“tags”:[“api”,"/version"],“time”:“2015-12-14T12:08:04Z”,“type”:“unauthorized”}

Attached please found the image for Chrome network log, it indicates the server returns a 401 error to the login request. The payload is the json object {username: “admin”, password: “secret”}

However, I am still able to login with CLI. Is there any way that I can trace the problem, or reset my password using the CLI?

Kindly advice
Clarence


(Banjot) #2

All CLI operations utilize the private key corresponding to the certificate from the cert bundle to establish a client-authenticated TLS session. These are distinct from the password-based authentication used in the Web UI.

Unfortunately, there’s no way to change your admin password without either:

  1. logging in with the existing admin password and performing a change password operation
  2. logging in as a different user with admin privileges who can change the password on another user.

The only last alternative would be to re-run the installer and re-enter your admin password.


(Patrick Devine) #3

Do you have more of the log file from the controller?

Also, one (maybe not so) crazy thing you could you try would be to try logging in again with “Incognito” mode. There’s a bug with client certs that you may be running in to.

Thanks!
–Patrick.


(Evan) #4

Assuming you have access to the host with Docker (or you should be able to use your certs too):

Docker exec into KV container:

docker exec -ti ucp-kv ash

Remove the existing Admin account:

curl -XDELETE -s --cacert /etc/docker/ssl/ca.pem --cert /etc/docker/ssl/cert.pem --key /etc/docker/ssl/key.pem -k https://127.0.0.1:2379/v2/keys/orca/v1/accounts/admin

Restart the UCP controller to re-create the admin account:

docker restart ucp-controller

Login with the default UCP password: orca


(Clarence Ho) #5

Hi Evan,

I followed your procedure and is now able to login to UCP.

Thanks a lot for the advice
Clarence


(Aavillaatyp) #6

Thanks Evan.

Mine started breaking by doing the following steps:

Still trying your steps and playing around with the kv container to see what is going on.

Let me know if I can provide more details and thanks in advance to anyone that can help.


(Clarence Ho) #7

Hi all,

I am still having the issue for UCP beta 0.6. After some time, I am not able to login to web console, and then need to following the procedure to reset admin password everytime.

Hope can be resolve soon.

Cheers
Clarence


(Daniel Palstra) #8

After 6 days of running UCP we ran into the same issue. We did not delete and generate any new client bundles, just used the first generated one. Evan’s reply helped us in resetting the password. I am happy to provide logging or give access to our UCP host (installed for demo purposes) to get the root cause.


(Evan Montgomery-Recht) #9

Had this happen to me over the weekend, can we update the documents to reflect this? Or is this a ‘unsupported feature’. We ended up reinstalling (since it was a new swarm)


(Aavillaatyp) #10

I am still having this issue in a fresh install of 0.8.0 ebe0ec5. I am also hooked up to LDAP if that matters for fixing steps. This is pretty much a blocker for us.