WebUI: Can't log in

Sensu Go
1

Hello everybody,

I am new to Sensu but I tried my best to read the docs and follow the instructions.

I am using Sensu Go with the official puppet module on Debian buster.

 cat /etc/debian_version 
10.7

This is the configuration of the backend-host (I left out checks, handlers and assets)

  sensu:
    agent_entity_config_password: my_paassword
    api_host: sensu-backend.example.org
    password: my_paassword
  sensu::agent:
    backends:
    - sensu-backend.example.org:8081
    subscriptions:
    - linux
  sensu::backend: 
  sensu::cli: 
  sensu::plugins:
    plugins: {}
  
  
  ...

This works fine - my hosts are being monitored and even the slack-notification worked out just fine.

But if I try to reach webui (https://sensu-backend.example.org:3000) I can not log in using sensu/my_paassword .

Sensu returns:

Bad username or password.

Dez 11 08:51:02 sensu-backend[7691]: {“component”:“apid.routers”,“error”:“unauthorized”,“level”:“error”,“msg”:“invalid username and/or password”,“time”:“2020-12-11T08:51:02+01:00”,“user”:“sensu”}

The backend has been initialized correctly:

sensu-backend init --interactive using my credentials I tried to log in to webui returns

{“component”:“backend.seeds”,“level”:“info”,“msg”:“store already initialized”,“time”:“2020-12-11T08:53:51+01:00”}

So what could be the reason why I can’t log in?

2

Odd.

Since puppet can inject sensu resources, there definitely some user/password active. Puppet is authing as a user to inject those resources. This is most likely something subtle in your puppet configuration where puppet is configured to create the initial user/password that is subtly different than what you expect. Something silly like puppet perhaps adding quotation marks verbatim as part of the password when you expected the quotes to be stripped?

Can you share a stripped down puppet config that we can both run against a throw away host that does the bare minimum to init a backend?

3

Hi @jspaleta,

thanks for your reply.

The shown configuration of the backend-host is written as hash used for foreman’s ENC.

In basic puppet classes, this is:

   class { 'sensu':
    password => 'kOjKans§s',
    api_host                     => 'sensu-backend.example.org',
    agent_entity_config_password => 'kOjKans§s',
  }
  include sensu::backend

  class { 'sensu::agent':
    backends      => ['sensu-backend.example.org:8081'],
    subscriptions => ['linux'],
  }

Mention: I created a password, that is of course not my original password. You are free to change it. I included the “§” as it’s a special character and this was used in my setup, too.

4

Ah that special character…

I was able to confirm that this special character seems to cause a problem in the web-ui login.

creating a user manually using a password with that character… i can login with sensuctl but i cannot login with the web-ui.

1 Like
5

Alright - seems to be something to look at.

Is it possible to reset the password and re-init the webui?

6

Yeah you can install the cli tool sensuctl and reset the password. Looks like a bug specifically in the webui in how that input is being handled.

I can’t reproduce the problem authenticating directly with curl using the api…or with sensuctl.

7

Yep, that fixed it and I can log in. Great, thanks a lot.

Strange that nobody saw that before, as special chars are kinda default today…

Thanks for your help!

8

well some characters are extra special it seems.