API server on Docker doesn't accept incoming requests

Hello One Identity Forum,

We are attempting to deploy One Identity on Linux-based Docker containers (running on Azure). We initially wanted to deploy the `app`, `api`, `job` and `dbagent` containers, but are struggling with the `api` container.

We deploy the `api` container alongside the `app` container in two separate Azure Container Instances, and the containers are able to communicate with each other as they are connected to the same vnet. The containers are able to resolve their domain names using a private DNS zone linked to the vnet. Both containers connect successfully to the same Azure SQL Database, where One Identity is installed.

To test the API container, we run a query as described in the final (and only) example on how to use the REST API in the documentation (here: https://support.oneidentity.com/technical-documents/identity-manager/9.1/rest-api-reference-guide/12#TOPIC-1873736). We are able to authenticate, and get a session token back, from the app server. But when querying the API container on the /entities/Person endpoint (also same error on the /api/entities/Person endpoint), the API server just replies with an empty 200 response. In the logs for the API server, we find an error like the one below:

```
2023-04-14 14:06:56.9618 ERROR (WebLog ) : System.Exception: Unhandled exception occurred on URL /entities/Person?loadType=ForeignDisplays System.Exception: Unhandled exception occurred on URL /entities/Person?loadType=ForeignDisplays ---> System.Web.HttpException: Method 'POST' is not allowed when accessing file '/entities/Person'
  at System.Web.DefaultHttpHandler.BeginProcessRequest (System.Web.HttpContext context, System.AsyncCallback callback, System.Object state) [0x00079] in <97029e9aa8df418ab32d318585bc1792>:0
  at System.Web.HttpApplication+<Pipeline>d__225.MoveNext () [0x008d4] in <97029e9aa8df418ab32d318585bc1792>:0
  at System.Web.HttpApplication.Tick () [0x00000] in <97029e9aa8df418ab32d318585bc1792>:0
   --- End of inner exception stack trace ---
10.0.9.4 - - [14/Apr/2023:14:06:56 +0000] "POST /entities/Person?loadType=ForeignDisplays HTTP/1.1" 200 227 "-" "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.19043; en-CH) PowerShell/7.3.3"
```

The API container is deployed using the following manifest to Azure:

```
apiVersion: '2021-07-01'
location: switzerlandnorth
name: aciapi
properties:
  containers:
  - name: api
    properties:
      environmentVariables:
        - name: DBSYSTEM
          value: "MSSQL"
        - name: CONNSTRING
          value: "Data Source=<db>,1433;Initial Catalog=<initial_db>;User ID=<user>;Password=<pass>"
        - name: UPDATEUSER
          value: "Module=DialogUser;User=<dialog_user>;Password=<dialog_pass>"
        - name: BASEURL
          value: "http://<private_domain_name_here>"
        - name: APPSERVERCONNSTRING
          value: "http://<private_domain_name_for_app_container_here>"
      image: oneidentity/oneim-api:9.0
      ports:
      - port: 80
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
  ipAddress:
    type: Private
    ports:
    - port: 80
  subnetIds:
    - id: <subnet_id>
  osType: Linux
tags: null
type: Microsoft.ContainerInstance/containerGroups
```

We are unsure how to proceed to debug this. We have tried to post also to /api/entities/Person, but no luck. The API server responds on the /swagger/swagger.json endpoint with the Swagger docs, which is cool, I guess.

Please advise. Thank you!

  • The REST API documentation is for the public REST API served by the Application Server only. So any request against <API Server>/api/entities/Person will not work.

  • Hey Markus. That's cool, finally figured that out as well, that the APP server also exposes a REST API (offering the /entities/Person endpoint). Very cool, looks to work. There seems to be an issue with the Linux API-server containers though, where they are unable to resolve certain services at startup (IWorkflowService, and sometimes another one I can't remember). Check the following stack trace:

    ```
    Installing CPL TypeScript API Client
    Installing DPR Typescript API Client
    Installing POL TypeScript API Client
    Installing QBM TypeScript API Client
    Installing RMB TypeScript API Client
    Installing RMS TypeScript API Client
    Installing RPS TypeScript API Client
    Installing TSB TypeScript API Client
    Installing QER.Documentation
    Installing bin\CCC.CompositionApi.global.json
    Installing ApiServerIisInstallationFiles
    Copying web.config...
    Replacing variables in /var/www/web.config
    Creating QBMWebApplication with URL http://api.iam.aci.com...
    Done.
    Workaround: prevent auto updates
    Creating session certificate /run/secrets/SessionCertificate.pfx
    /tmp /var/www
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ..+++++
    ......................+++++
    e is 65537 (0x010001)
    [Thu Apr 13 12:00:26.839026 2023] [mpm_event:notice] [pid 129:tid 139851886163072] AH00489: Apache/2.4.38 (Debian) mod_mono/3.13 configured -- resuming normal operations
    [Thu Apr 13 12:00:26.839218 2023] [core:notice] [pid 129:tid 139851886163072] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
    Listening on: /tmp/mod_mono_server_default
    Root directory: /var/www/
    2023-04-13 12:00:45.8864 INFO (WebLog ) : Performance counters not initialized, run ConfigFileEditor to register the performance counters.
    2023-04-13 12:00:46.3843 INFO (WebLog ) : Starting plugin: QBM.CompositionApi.PlugIns.ServiceUnavailablePlugIn
    2023-04-13 12:00:46.5836 INFO (WebLog ) : API Server state is now: Running
    Exception while initOnce: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> VI.Base.IoC.TypeNotRegisteredException: Type QER.CompositionApi.ITShop.Assignment.IRequestDisplayService was not registered.
    at VI.Base.IoC.LifetimeScopeImpl.Resolve[T] () [0x0001b] in <561d0f28cb3b4806b32603d868ac5de3>:0
    at VI.DB.Services.Resolve[T] () [0x00037] in <b8480e41c56043b5a63fbf32aa0ddba2>:0
    at RMS.CompositionApi.Bootstrapper.RegisterServices (VI.DB.IServices svc) [0x00000] in <3afdacbb186d4dbbbc968f6b0edd2ce8>:0
    at QBM.CompositionApi.Bootstrapper.RegisterServices (VI.DB.IServices services) [0x00174] in <2dc4f30c85af4003941b60c5871538d9>:0
    at QBM.CompositionApi.ApiManager.ApiServerServices.BuildResolver () [0x0001d] in <79bc4a35ca77458fb508223e172c86b2>:0
    at System.Lazy`1[T].ViaFactory (System.Threading.LazyThreadSafetyMode mode) [0x0001c] in <de882a77e7c14f8ba5d298093dde82b2>:0
    --- End of stack trace from previous location where exception was throw2023-04-13 12:00:46.5994 INFO (WebLog ) : Starting plugin: QBM.CompositionApi.PlugIns.ServiceUnavailablePlugIn
    n ---
    ...
    Please restart your app to unlock it

    ```

  • You are using the wrong container image in combination with the sample from the documentation. The correct one matching the documentation would be `oneidentity/oneim-appserver`.

  • Hello, can you share how you solved this problem?