Installing and using the V3 stack as a private service - I've got stuck

see also the slack channel for V3 - https://thethingsnetwork.slack.com/messages/CFVF7R4AH/

2 Likes

So, I’ve bumbled through this… having never used docker before, it’s a first!

I’ve installed the v3 stack on an Amazon EC2 micro.t2 instance which is running Debian version 9. The instructions are mostly good. In the getting started guide, it says to use the provided docker-compose.yml. I had assumed (wrongly) that docker would pull all the files it needs when you use this. That is not the case; you need to have cloned the GitHub repo first (doh). Once you’ve done that, the instructions work as expected.

I’ll submit a pull request with the addition of a single line in the README.md file under prerequisites;

  • Clone the lorawan stack from github

git clone https://github.com/TheThingsNetwork/lorawan-stack.git

Because it was installed in AWS, I did need to consider what network ports are configured for the security groups. The details are usefully in docs/networking.md.

While I was able to register a single app and a device, and point a single gateway to it, it’s a bit more ‘raw’ than the public interface (which is very polished).

Things I need to work out:

  • How do you set up the network server so it runs like a service (like any normal service) any time it gets rebooted?
  • How to see joins/data etc. like you can on the public interface.
  • How to more effectively add/remove devices/apps etc. It seems quite long-winded to use the docker-compose commands. I have not figured out how to use the CLI on this.

Anyway it seems like progress

I’m still struggling with the CLI. I hope someone is able to point me in the right direction.

I followed the instructions at https://github.com/TheThingsNetwork/lorawan-stack/blob/master/doc/gettingstarted.md#login to login.

This is what I did, and the response I got. Since I don’t have a local browser on the server, I connected to this address using the URL https://mypublicip:8885 [can you modify something so it uses publicly reachable names?]

admin@ip-172-31-30-168:~/lorawan-stack$ docker-compose exec stack ttn-lw-cli login
INFO Please go to https://localhost:8885/oauth/authorize?client_id=cli&response_type=code
INFO Waiting for your authorization…
oauth/authorize?client_id=cli&response_type=code
INFO Got OAuth access token
admin@ip-172-31-30-168:~/lorawan-stack$

The message “Got OAuth access token” was displayed in the web browser, and on the console of the server, I get the prompt back.

What’s next? How do I use this CLI? Are the commands for the CLI like the ones suggested, like this?

docker-compose exec stack ttn-lw-cli end-devices create --device-id dev1 --dev-eui 0004A30B001C0530 --join-eui 800000000000000C --application-id app1 --frequency_plan_id EU_863_870 --root_keys.app_key.key 752BAEC23EAE7964AF27C325F4C23C9A --lorawan_phy_version 1.0.2-b --lorawan_version 1.0.2

Is there any more documentation? At this point I’m stuck, my Google-fu has run out of power (I’m thinking I’m searching for the wrong thing).

Hi, I was blocked by the login also.
When I run the login command

docker-compose exec stack ttn-lw-cli login

it will prompt to open the following link to complete the authentication:

WARN No access token present                 
INFO Please go to https://localhost:8885/oauth/authorize?client_id=cli&response_type=code
INFO Waiting for your authorization...

Then I open the link in a browser and input the admin password, and nothing happens.
From the server terminal, I can see the following log:

stack_1      |  ERROR Request error                            duration=10.210223ms method=GET namespace=web remote_addr=172.18.0.1:36954 request_id=01D4PH8D7VYWNHQX7BS32SZSDT response_size=1645 status=500 url=/oauth/authorize?client_id=cli&response_type=code
stack_1      |   INFO Request handled                          duration=15.132103ms method=GET namespace=web remote_addr=172.18.0.1:36954 request_id=01D4PH8DGME8595WHBZX72X4C5 response_size=237 status=200 url=/oauth/api/me

Can anyone help?

@vinzen01 please see the Getting Started; there’s no (more) ttn-lw-cli exec in the container anymore.

This person is having the same issue as I described in issue 179. The use of the CLI / the auth process is not immediately apparent, unless you know what OAuth is.


Hi,

I have installed the V3 stack on a Debian 10 server using docker and following the official instructions.
With my installation I was able to authenticate a user using http://10.0.0.100:1885/ (not locally on the server) successfully (I saw response 200 in the docker log), but I didn’t gain access to the console because I was redirected to http://localhost:1885/console (so on the server).
If I try with a browser locally on the server, the login is successful.
I haven’t configured any TLS at the moment.

Could anyone please help me understand why the server is redirecting the response locally and not using the IP address?

Thanks.

Hello, everyone,

I have just installed a private instance of thingsnetwork according to this tutorial: https://thethingsstack.io/v3.6.0/guides/getting-started/

The installation went so far without problems but I am not able to login to the online console. As soon as I enter my ID and password I get the following error message:

{
  "code": 3,
  "message": "error:pkg/oauth:no_user_id_password_match (incorrect password or user ID)",
  "details": [
    {
      "@type": "type.googleapis.com/ttn.lorawan.v3.ErrorDetails",
      "namespace": "pkg/oauth",
      "name": "no_user_id_password_match",
      "message_format": "incorrect password or user ID",
      "code": 3
    }
  ]
}

I know that the credentials are correct because I can login to thethingsnetwork without problems.

The output of the stack server itself looks as follows:

stack_1      |   INFO Request handled                          duration=3.7572ms method=POST namespace=web remote_addr=172.18.0.1:41098 request_id=01E3VZTJSW88C9W35X5S50QAYV response_size=286 status=400 url=/oauth/api/auth/login

The login for TTN and the self-hosted ttn-stack are not the same.

On your self-hosted version you need to use the admin user you created while installing it.

1 Like

Hi Wasn,

this was my first attempt. However, if I use the username and password defined in the ttn-lw-stack.yml file, I’m still not able to login.

EDIT:

Following the guide that I mentioned before https://thethingsstack.io/v3.6.0/guides/getting-started/ I didn’t really create an admin account. They mention at some point that I can register an account (if needed), but this doesn’t seem to work properly, because when I try to register a new user nothing happens. Even in the log file no entry is produced.

Hi,

I mean this point in the docs:

$ docker-compose run --rm stack is-db create-admin-user \
  --id admin \
  --email your@email.com

Here you create the admin account.
Use the username admin and the given password to login.

2 Likes

Since I still had some issues when I was running the ttn stack, I tried to reinstall the server as described in the previously mentioned documentation. I even used the configuration file as described in the documentation. Unfortunately, I keep getting the following error message when running:

docker-compose run --rm stack is-db init

Error Message:
Starting ttn_cockroach_1 ... done
Starting ttn_redis_1 ... done
INFO Connecting to Identity Server database...
dial tcp: lookup cockroach on 127.0.0.11:53: no such host

Below is the content of my docker-compose.yml file:

version: '3.7'
services:
  cockroach:
    image: 'cockroachdb/cockroach:latest'
    command: 'start --http-port 26256 --insecure'
    restart: 'unless-stopped'
    volumes:
      - './data/cockroach:/cockroach/cockroach-data'

  redis:
    image: 'redis:latest'
    command: 'redis-server --appendonly yes'
    restart: 'unless-stopped'
    volumes:
      - './data/redis:/data'

  stack:
    image: 'thethingsnetwork/lorawan-stack:latest'
    entrypoint: 'ttn-lw-stack'
    command: 'start all -c /config/ttn-lw-stack.yml'
    restart: 'unless-stopped'
    depends_on:
      - 'cockroach'
      - 'redis'
    volumes:
      - './data/blob:/srv/ttn-lorawan/public/blob'
      - './config/stack:/config:ro'
      - './acme:/var/lib/acme'
    ports:
      - '80:1885'
      - '443:8885'
      - '1881:1881'
      - '8881:8881'
      - '1882:1882'
      - '8882:8882'
      - '1883:1883'
      - '8883:8883'
      - '1884:1884'
      - '8884:8884'
      - '1887:1887'
      - '8887:8887'
      - '1700:1700/udp'

And the content of my ttn-lw-stack.yml file (which is in the config directory):

# Redis configuration
redis:
  address: 'redis:6379'

# Identity Server configuration
is:
  # CockroachDB
  database-uri: 'postgres://root@cockroach:26257/ttn_lorawan?sslmode=disable'
  # Email configuration for "thethings.example.com"
  email:
    sender-name: 'The Things Stack'
    sender-address: 'noreply@thethings.example.com'
    network:
      name: 'The Things Stack'
      console-url: 'https://thethings.example.com/console'
      identity-server-url: 'https://thethings.example.com/oauth'

  # Web UI configuration for "thethings.example.com":
  oauth:
    ui:
      canonical-url: 'https://thethings.example.com/oauth'
      is:
        base-url: 'https://thethings.example.com/api/v3'

# HTTP server configuration
http:
  cookie:
    # generate 32 bytes (openssl rand -hex 32)
    block-key: '0011223344556677001122334455667700112233445566770011223344556677'
    # generate 64 bytes (openssl rand -hex 64)
    hash-key: '00112233445566770011223344556677001122334455667700112233445566770011223344556677001122334455667700112233445566770011223344556677'
  metrics:
    password: 'metrics'               # choose a password
  pprof:
    password: 'pprof'                 # choose a password

# Let's encrypt for "thethings.example.com"
tls:
  source: 'acme'
  acme:
    dir: '/var/lib/acme'
    email: 'you@thethings.example.com'
    hosts: ['thethings.example.com']
    default-host: 'thethings.example.com'

# If Gateway Server enabled, defaults for "thethings.example.com":
gs:
  mqtt:
    public-address: 'thethings.example.com:1882'
    public-tls-address: 'thethings.example.com:8882'
  mqtt-v2:
    public-address: 'thethings.example.com:1881'
    public-tls-address: 'thethings.example.com:8881'

# If Gateway Configuration Server enabled, defaults for "thethings.example.com":
gcs:
  basic-station:
    default:
      lns-uri: 'wss://thethings.example.com:8887'
  the-things-gateway:
    default:
      mqtt-server: 'mqtts://thethings.example.com:8881'

# Web UI configuration for "thethings.example.com":
console:
  ui:
    canonical-url: 'https://thethings.example.com/console'
    is:
      base-url: 'https://thethings.example.com/api/v3'
    gs:
      base-url: 'https://thethings.example.com/api/v3'
    ns:
      base-url: 'https://thethings.example.com/api/v3'
    as:
      base-url: 'https://thethings.example.com/api/v3'
    js:
      base-url: 'https://thethings.example.com/api/v3'
    qrg:
      base-url: 'https://thethings.example.com/api/v3'
    edtc:
      base-url: 'https://thethings.example.com/api/v3'

  oauth:
    client-id: 'console'
    client-secret: 'console'

So apparently the dockers cannot communicate with each other, but I can’t see the issue.

Unfortunately I was not able to find out the source of the error. The same configuration files do not lead to this problem in another operating system.

Error arises on CentOS 7

Since when is docker supported in centos 6?

Oops. It was CentOS 7 of course :sweat_smile:

I’m stuck on this:
docker-compose run --rm stack is-db init
outputting this:
open /config/ttn-lw-stack.yml: no such file or directory

I have tried putting ttn-lw-stack.yml in the same directory as docker-compose.yml, and in the config folder created by docker compose. I’m using the stock examples from this guide:
https://thethingsstack.io/v3.6.0/guides/getting-started/running-the-stack/

The only change is commenting out the self-signed cert stuff.

Where is this file supposed to live?

I found I had to put it in the ./config/stack folder that is created when you run the docker-compose up command. I think the volumes part of the .yml file mounts ./config/stack as /config inside the container. Not well documented at all…

I also ended up using that folder to get self-signed certificates into the container, commented out all the sample certificate stuff in the .yml file and added them in the environment section of the stack:

      TTN_LW_TLS_CERTIFICATE: /config/cert.pem
      TTN_LW_CA: /config/cert.pem
      TTN_LW_TLS_KEY: /config/key.pem

I suspect this is wildly insecure but I can log in to the system, create devices and gateways.
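
The ttn-lw-stack.yml posted earlier in this thread still carries the guide's sample cookie keys, the `metrics`, `pprof` and `console` secrets, and the `thethings.example.com` host. As an added example (not part of any post and not code from The Things Stack), this shell function flags such leftovers in a config file; the function names, the finding messages and the 16-character repetition check are assumptions of this example.

```shell
# Added example: flag ttn-lw-stack.yml values still at the guide placeholders.
audit_stack_config() {
  awk -v q="'" '
    function val(line,   v) {           # scalar after "key:", minus quotes and comment
      v = line
      sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+#.*$/, "", v); sub(/[ \t\r]+$/, "", v)
      gsub("[" q "\"]", "", v)          # q holds a single quote (passed with -v)
      return v
    }
    function repeated(s,   unit, out) { # true when s is one 16-char unit repeated
      unit = substr(s, 1, 16); out = ""
      while (length(out) < length(s)) out = out unit
      return out == s
    }
    function keycheck(name, v, hexlen) {
      if (length(v) != hexlen || v !~ /^[0-9A-Fa-f]+$/)
        print name ": not " (hexlen / 2) " random bytes in hex"
      else if (repeated(v))
        print name ": repeating placeholder pattern"
    }
    /^[ \t]*#/ { next }                 # ignore comment-only lines
    /^[ \t]*block-key:/ { keycheck("block-key", val($0), 64) }
    /^[ \t]*hash-key:/  { keycheck("hash-key", val($0), 128) }
    /^[ \t]*(password|client-secret):/ {
      v = val($0)
      if (v == "metrics" || v == "pprof" || v == "console") print "default secret: " v
    }
    /thethings\.example\.com/ { hosts++ }
    END { if (hosts) print "placeholder host thethings.example.com on " hosts " line(s)" }
  ' "$1"
}

# Constructed sample input (not a real deployment), reusing values from the thread.
sample_config() {
  cat <<'EOF'
http:
  cookie:
    block-key: '0011223344556677001122334455667700112233445566770011223344556677'
    hash-key: 'deadbeef'
  metrics:
    password: 'metrics'               # choose a password
console:
  ui:
    canonical-url: 'https://thethings.example.com/console'
  oauth:
    client-secret: 'console'
EOF
}
tmp=$(mktemp); sample_config > "$tmp"; audit_stack_config "$tmp"; rm -f "$tmp"
```

Run it as `audit_stack_config ./config/stack/ttn-lw-stack.yml`; no output means none of these placeholder values were found.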