New Single Node Multi Disk Deployment: ROOT login from env vars not accepted on login. #20078
-
The expected behavior in the system is that we would have the username and password set in Note that this is a fresh installation so this should Just Work with instructions, but it fails. Expected BehaviorThe expected behavior is that we would be logged in with whatever we set for MINIO_ROOT_USER and MINIO_ROOT_PASSWORD. Current BehaviorAttempting to login with the root user and password immediately gives us an "Invalid Login" for the credentials specified in MINIO_ROOT_USER and MINIO_ROOT_PASSWORD Possible SolutionNo solution, this has cropped up in the most recent installation version of MinIO server. Steps to Reproduce (for bugs)
ContextThis prevents logging into the MinIO panel as an admin. This iwas on a clean installation, so bucket config, etc. is expected to be doable via root access on the console. RegressionMAJOR Regression Your Environment
|
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 1 reply
-
Hi @teward this is likely to be an issue somewhere with your environment configuration. MinIO is reading the environment variables correctly, this is easy to confirm on the latest version of the binary:
See how How are you starting MinIO? The .deb installer drops a systemd template which reads the
|
Beta Was this translation helpful? Give feedback.
-
@marktheunissen Disclaimer: I'm a fluent Ubuntu sysadmin, and know the .deb uses the SystemD service. Which is the service in use here, so it's being loaded automatically by SystemD. I should note that the SystemD binary does not dump RootUser/RootPass to logs - probably for security reasons. We set up a version of MinIO on the 4th last week on the older versions and such that were available for download at the time and it Just Worked. Same defaults settings (except different domain), same NGINX reverse proxy setup. I don't have that binary here (because it's on a secure network segment I can't exfil data from right now from here), but it seems this is a brand new issue compared to those versions. |
Beta Was this translation helpful? Give feedback.
-
Ok, start by confirming that MinIO has loaded the correct env:
If it has the correct env vars, use If all that works, then the problem would be more likely to be coming from the nginx config? Just start by eliminating things. |
Beta Was this translation helpful? Give feedback.
-
Can you share what you are doing here? The latest release is running on https://play.min.io which hosts nginx and then directs the traffic to MinIO on port 9500 nginx.conf
I suspect something to do with using some snake oil certificates here, so please describe whether this URL that is set is trusted, etc. Also share your /etc/default/minio play root credentials
|
Beta Was this translation helpful? Give feedback.
-
@harshavardhana Here's some extra stuff here: NGINX frontend config (local access only on my development network!)
Contents of
The SSL certificates are issued from an internal CA and trusted by the browser. This is the
Since this is being managed from SystemD, I confirmed per @marktheunissen and their suggestion of introspecting the env vars that the MINIO_ROOT_USER and MINIO_ROOT_PASSWORD are being set in the process's environment as entered. Using these credentials from the command line with the corresponding 'local' alias (yes I set these creds!) works without issue and I can do all command operations (it seems) with the command line. NGINX config is nearly identical to what @harshavardhana has shared except that it's on port 443 on the NGINX side and handed off to 9001 internally for the minio config just for the console domain. |
Beta Was this translation helpful? Give feedback.
-
Is your browser URL domain resolvable from the MinIO node? And Is it trusted via curl? |
Beta Was this translation helpful? Give feedback.
-
This is also more or less a configuration issue. Moving this to discussion. |
Beta Was this translation helpful? Give feedback.
Is your browser URL domain resolvable from the MinIO node? And Is it trusted via curl?