Unable to connect with CUPS to Open Source V3 Server

mattrude · June 12, 2021, 5:05am

Greetings-
I am currently having issues connecting a client via CUPS to my TTS v3 running the Open
Source version.

I believe the server is giving the client a 500 error, I am sure there is a problem in my config but I am unclear where.

If I for go CUPS and configure LNS directly, I am able to connect.

The Things Stack for LoRaWAN: ttn-lw-stack
Version:             3.13.1
Build date:          2021-06-04T09:24:40Z
Git commit:          76bc6cf3c
Go version:          go1.16.5
OS/Arch:             linux/arm

The server log shows:

Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=2ms grpc.method=GetIdentifiersForEUI grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT id, created_at, updated_at, deleted_at, gateway_id, gateway_eui FROM "gateways"  WHERE "gateways"."deleted_at" IS NULL AND ((gateway_eui = $1)) ORDER BY "gateways"."id" ASC LIMIT 1 request_id=01F7Z9F535C4D9V44FEMQA98H5 rows=1 source=gateway_store.go:118 values=[B827EBFFFE63DE5E]
Jun 12 05:00:17 console ttn-lw-stack[4516]:   INFO Finished unary call                      duration=3ms grpc.method=GetIdentifiersForEUI grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=grpc peer.address=pipe request_id=01F7Z9F535C4D9V44FEMQA98H5
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Found gateway for EUI                    gateway_eui=B827EBFFFE63DE5E gateway_uid=odingate http.method=POST http.path=/update-info namespace=web peer.address=192.168.1.15:58554 request_id=01F7Z9F534KMP263A8FEFDYB7A
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=1ms gateway_eui=B827EBFFFE63DE5E http.method=POST http.path=/update-info namespace=db peer.address=192.168.1.15:58554 query=SELECT * FROM "api_keys"  WHERE ("api_keys"."api_key_id" = $1) ORDER BY "api_keys"."id" ASC LIMIT 1 request_id=01F7Z9F534KMP263A8FEFDYB7A rows=1 source=api_key_store.go:117 values=[BQYOQ5QOARIM2GO2AVM456OB7C5EUYTDXZNKMJY]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=1ms gateway_eui=B827EBFFFE63DE5E http.method=POST http.path=/update-info namespace=db peer.address=192.168.1.15:58554 query=SELECT id as uuid, gateway_id as friendly_id FROM "gateways"  WHERE (id in ($1)) request_id=01F7Z9F534KMP263A8FEFDYB7A rows=1 source=membership.go:73 values=[91681ae5-f3e4-4ca5-8c1d-2bc2672a54b0]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=2ms gateway_eui=B827EBFFFE63DE5E http.method=POST http.path=/update-info namespace=db peer.address=192.168.1.15:58554 query=SELECT id, created_at, updated_at, deleted_at, gateway_id, gateway_eui, status_public, location_public FROM "gateways"  WHERE "gateways"."deleted_at" IS NULL AND ((gateway_id = $1) AND (gateway_eui = $2)) ORDER BY "gateways"."id" ASC LIMIT 1 request_id=01F7Z9F534KMP263A8FEFDYB7A rows=1 source=gateway_store.go:118 values=[odingate B827EBFFFE63DE5E]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Authorized with The Things Stack token   gateway_eui=B827EBFFFE63DE5E http.method=POST http.path=/update-info namespace=web peer.address=192.168.1.15:58554 request_id=01F7Z9F534KMP263A8FEFDYB7A
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=2ms grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT * FROM "api_keys"  WHERE ("api_keys"."api_key_id" = $1) ORDER BY "api_keys"."id" ASC LIMIT 1 request_id=01F7Z9F53SDF05B0TEBHGCZZPB rows=1 source=api_key_store.go:117 values=[BQYOQ5QOARIM2GO2AVM456OB7C5EUYTDXZNKMJY]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=1ms grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT id as uuid, gateway_id as friendly_id FROM "gateways"  WHERE (id in ($1)) request_id=01F7Z9F53SDF05B0TEBHGCZZPB rows=1 source=membership.go:73 values=[91681ae5-f3e4-4ca5-8c1d-2bc2672a54b0]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=2ms grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT id, created_at, updated_at, deleted_at, gateway_id, gateway_eui, status_public, location_public FROM "gateways"  WHERE "gateways"."deleted_at" IS NULL AND ((gateway_id = $1) AND (gateway_eui = $2)) ORDER BY "gateways"."id" ASC LIMIT 1 request_id=01F7Z9F53SDF05B0TEBHGCZZPB rows=1 source=gateway_store.go:118 values=[odingate B827EBFFFE63DE5E]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=2ms grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT id, created_at, updated_at, deleted_at, gateway_id, gateway_eui, auto_update, frequency_plan_id, gateway_server_address, lbs_lns_secret, target_cups_key, target_cups_uri, update_channel, brand_id, model_id, hardware_version, firmware_version FROM "gateways"  WHERE "gateways"."deleted_at" IS NULL AND ((gateway_id = $1) AND (gateway_eui = $2)) ORDER BY "gateways"."id" ASC LIMIT 1 request_id=01F7Z9F53SDF05B0TEBHGCZZPB rows=1 source=gateway_store.go:118 values=[odingate B827EBFFFE63DE5E]
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Run database query                       duration=1ms grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=db query=SELECT * FROM "attributes"  WHERE ("entity_id" IN ($1) AND "entity_type" = $2) ORDER BY "attributes"."id" ASC request_id=01F7Z9F53SDF05B0TEBHGCZZPB rows=0 source=gateway_store.go:118 values=[91681ae5-f3e4-4ca5-8c1d-2bc2672a54b0 gateway]
Jun 12 05:00:17 console ttn-lw-stack[4516]:   WARN No encryption key defined, return stored LBS LNS Secret value grpc.method=Get grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=identityserver request_id=01F7Z9F53SDF05B0TEBHGCZZPB
Jun 12 05:00:17 console ttn-lw-stack[4516]:   INFO Finished unary call                      auth.token_id=BQYOQ5QOARIM2GO2AVM456OB7C5EUYTDXZNKMJY auth.token_type=APIKey duration=22ms grpc.method=Get grpc.request.gateway_id=odingate grpc.service=ttn.lorawan.v3.GatewayRegistry namespace=grpc peer.address=pipe request_id=01F7Z9F53SDF05B0TEBHGCZZPB
Jun 12 05:00:17 console ttn-lw-stack[4516]:  DEBUG Configure LNS                            gateway_eui=B827EBFFFE63DE5E http.method=POST http.path=/update-info lns_uri=console.theodin.network namespace=web peer.address=192.168.1.15:58554 request_id=01F7Z9F534KMP263A8FEFDYB7A
Jun 12 05:00:17 console ttn-lw-stack[4516]:  ERROR Server error                             address=console.theodin.network auth.token_id=BQYOQ5QOARIM2GO2AVM456OB7C5EUYTDXZNKMJY auth.token_type=APIKey duration=56.2ms error=error:pkg/basicstation/cups:server_trust (failed to fetch server trust for address `console.theodin.network`) error_cause=remote error: tls: internal error http.method=POST http.path=/update-info http.status=500 namespace=web peer.address=192.168.1.15:58554 request_id=01F7Z9F534KMP263A8FEFDYB7A

My Server config looks like this:


# The Things Stack for LoRaWAN Configuration File
log:
  level: 'debug'

is:
  database-uri: postgresql://thethingsstack:<--Remove Data for posting-->@<--Remove Data for posting-->:5432/ttn_lorawan?sslmode=require

  admin-rights:
    all: true
  user-registration:
    admin-approval:
        required: true
    contact-info-validation:
        required: true
    password-requirements:
        reject-user-id: true
    password-requirements:
        reject-common: true

  oauth:
    ui:
      site-name: "The Odin Things Network"
      canonical-url: 'https://console.theodin.network/oauth'
      is:
        base-url: 'https://console.theodin.network/api/v3'

  email:
    sender-name: 'The Odin Things Network'
    sender-address: 'noreply@theodin.network'
    network:
      name: 'The Odin Things Network'
      console-url: 'https://console.theodin.network/console'
      identity-server-url: 'https://console.theodin.network/oauth'

    # Send email with Sendgrid
    provider: sendgrid
    sendgrid:
      api-key: '<--Remove Data for posting-->'

http:
  listen: ':80'
  listen-tls: ':443'
  cookie:
    # To generate 32 bytes (openssl rand -hex 32)
    block-key: '<--Remove Data for posting-->'
    # To generate 64 bytes (openssl rand -hex 64)
    hash-key: '<--Remove Data for posting-->'
  metrics:
    password: '<--Remove Data for posting-->'
  pprof:
    password: '<--Remove Data for posting-->'

tls:
  source: 'acme'
  acme:
    enable: true
    default-host: 'console.theodin.network'
    dir: '/var/lib/ttn/certs'
    email: 'admin@theodin.network'
    hosts:
      - console.theodin.network

frequency-plans:
  config-source: 'directory'
  directory: '/var/lib/ttn/frequency-plans/'

events:
  backend: redis
  redis:
    store:
      enable: true

cluster:
  # To generate 32 bytes (openssl rand -hex 32)
  keys: '<--Remove Data for posting-->'

gs:
  basic-station:
    fallback-frequency-plan-id: 'US_902_928_FSB_2'
    listen: 'console.theodin.network:1887'
    listen-tls: 'console.theodin.network:8887'
  mqtt:
    public-address: 'console.theodin.network:1882'
    public-tls-address: 'console.theodin.network:8883'
  mqtt-v2:
    public-address: 'console.theodin.network:1881'
    public-tls-address: 'console.theodin.network:8881'


gcs:
  basic-station:
    allow-cups-uri-update: true
    default:
      lns-uri: 'wss://console.theodin.network:8887'
    owner-for-unknown:
      account-type: 'user'
      api-key: '<--Remove Data for posting-->'
      id: '<--Remove Data for posting-->'
  require-auth: false
  the-things-gateway:
    default:
      mqtt-server: 'mqtts://console.theodin.network:8881'

dr:
  directory: '/var/lib/ttn/devices'
  store:
    bleve:
      search-paths: '/var/lib/ttn/devices'

as:
  mqtt:
    public-address: 'console.theodin.network:1883'
    public-tls-address: 'console.theodin.network:8883'

console:
  ui:
    descriptions: 'Welcome to the Odin Network'
    canonical-url: 'https://console.theodin.network/console'
    is:
      base-url: 'https://console.theodin.network/api/v3'
    gs:
      base-url: 'https://console.theodin.network/api/v3'
    ns:
      base-url: 'https://console.theodin.network/api/v3'
    as:
      base-url: 'https://console.theodin.network/api/v3'
    js:
      base-url: 'https://console.theodin.network/api/v3'
    gcs:
      base-url: 'https://console.theodin.network/api/v3'
    qrg:
      base-url: 'https://console.theodin.network/api/v3'
    edtc:
      base-url: 'https://console.theodin.network/api/v3'
  oauth:
    authorize-url: 'https://console.theodin.network/oauth/authorize'
    token-url: 'https://console.theodin.network/oauth/token'
    logout-url: 'https://console.theodin.network/oauth/logout'
    client-id: 'console'
    client-secret: '<--Remove Data for posting-->'

redis:
    address: '127.0.0.1:6379'
    database: 1

mattrude · June 12, 2021, 9:03pm

CUPS is now working, it looks the the ‘acme’ module was the issue.

I download and installed the certbot and created a new certificate for the service. I then replaced:

tls:
  source: 'acme'
  acme:
    enable: true
    default-host: 'console.theodin.network'
    dir: '/var/lib/ttn/certs'
    email: 'admin@theodin.network'
    hosts:
      - console.theodin.network

with the newly created certificate:

tls:
  source: 'file'
  certificate: '/etc/letsencrypt/live/console.theodin.network/fullchain.pem'
  key: '/etc/letsencrypt/live/console.theodin.network/privkey.pem'

I then restarted the service and the remote gateways connected via CUPS, downloaded the needed information and show as connected on the console now.

The LNS configuration seems to have been downloaded to the gateways as expected. All seems to be working now.

mattrude · June 13, 2021, 3:21am

Ticket 4265 has been opened for this issue.

system · June 14, 2021, 3:21am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.