I have apache airflow running perfectly fine with default settings, when I set authenticate = False in the the airflow.cfg file
But I am unable to access the Web UI when i set authenticate = True
I am following the instructions from the website
https://incubator-airflow.readthedocs.io/en/latest/security.html
I am using Version : 1.10.1
When i try to access web ui, I get the message
This site can’t be reached or too many redirects
airflow.cfg file
[webserver]
authenticate = True
auth_backend = airflow.contrib.auth.backends.password_auth
Create my user with python
import airflow
from airflow import models, settings
from airflow.contrib.auth.backends.password_auth import PasswordUser
user = PasswordUser(models.User())
user.username = 'my.user'
user.email = 'my.user#company.com'
user.password = 'password'
session = settings.Session()
session.add(user)
session.commit()
session.close()
exit()
restart airflow
I've tried the way same as yours to create airflow user, it couldn't work.
Simply you can use command like this airflow create_user -r Admin -u admin -e admin#example.com -f admin -l user -p test in airflow webserver shell.
Try this way
Activate you airflow python environment and start python shell.
Then with the help of these commands you can easily set a new user in airflow.
>>> import airflow
>>> from airflow import models, settings
>>> from airflow.contrib.auth.backends.password_auth import PasswordUser
>>> user = PasswordUser(models.User())
>>> user.username = 'new_user_name'
>>> user.email = 'new_user_email#example.com'
>>> user.password = 'set_the_password'
>>> session = settings.Session()
>>> session.add(user)
>>> session.commit()
>>> session.close()
>>> exit()
I got the same error after debugging for 3 hours I found that I had a tiny mistake, It is because while you creating users for airflow you didn't specified role. I don't know what is the default role. But if the Default role is Public (Available roles are Admin, User, Viewer, Public, and Op) then even after successful login you redirect to the homepage, but Public role doesn't have permission to view dags. So if you see the webserver log you see a warning message like cannot index on airflow. So I would recommend you to create a user with respective requirements.
For example use CLI for creating user of airflow.
$ airflow create_user -h shows command options, and then set params according to them.
$ airflow create_user -r Viewer -u <username> -p <login_password whatever you want> -f <first name> -l <last_name> -e <email_id>
Hope that works for you, it was working for me. ps: I'm using google_auth as backend.
create_user seems to be deprecated, so please use this:
airflow users create --username admin --role Admin --email A#B.com --firstname A --lastname B
Related
I am creating the instance in openstack with centos 8 hardened image. The configuration script as follows:
#cloud-config
users:
- name: clouduser
password: password
sudo: ['ALL=(ALL) ALL']
groups: sudo
shell: /bin/bash
ssh_pwauth: True
lock_passwd: False
plain_text_passwd: password
runcmd:
- mkdir /run/test
here the user is created and I am able to login the instance but the commands in runcmd is not executed . even the runcmd log in /var/log/cloud-init.log is ran successfully but there is no folder is created in the /run/ folder and /etc/cloud/cloud.cfg is no change (runcmd module in cloud-config and script-user in cloud-finish are there and its executed successfully) but no commands got executed. the same commands if I run inside the instance its working fine. commands in bootcmd is also working but not with runcmd? I can't figure out why it's not being executed?
we're moving from airflow 1.x to 2.0.2, and I'm noticing the below error in my terminal after i run docker-compose run --rm webserver initdb:
{{manager.py:727}} WARNING - No user yet created, use flask fab
command to do it.
but in my entrypoint.sh I have the below to create users:
echo "Creating airflow user: ${AIRFLOW_CREATE_USER_USER_NAME}..."
su -c "airflow users create -r ${AIRFLOW_CREATE_USER_ROLE} -u ${AIRFLOW_CREATE_USER_USER_NAME} -e ${AIRFLOW_CREATE_USER_USER_NAME}#vice.com \
-p ${AIRFLOW_CREATE_USER_PASSWORD} -f ${AIRFLOW_CREATE_USER_FIRST_NAME} -l \
${AIRFLOW_CREATE_USER_LAST_NAME}" airflow
echo "Created airflow user: ${AIRFLOW_CREATE_USER_USER_NAME} done!"
;;
Because of this error whenever I try to run airflow locally I still have to run the below to create a user manually every time I start up airflow:
docker-compose run --rm webserver bash
airflow users create \
--username name \
--firstname fname \
--lastname lname \
--password pw \
--role Admin \
--email email#email.com
Looking at the airflow docker entrypoint script entrypoint_prod.sh file, looks like airflow will create the an admin for you when the container on boots.
By default the admin user is 'admin' without password.
If you want something diferent, set this variables: _AIRFLOW_WWW_USER_PASSWORD and _AIRFLOW_WWW_USER_USERNAME
(I'm on airflow 2.2.2)
Looks like they changed the admin creation command password from -p test to -p $DEFAULT_PASSWORD. I had to pass in this DEFAULT_PASSWORD env var to the docker-compose environment for the admin user to be created. It also looks like they now suggest using the .env.localrunner file for configuration.
Here is the commit where that change was made.
(I think you asked this question prior to that change being made, but maybe this will help someone in the future who had my same issue).
Hi I am taking a datacamp class on how to use Airflow and it shows how to create dags once you have access to an Airflow Web Interface.
Is there an easy way to create an account in the Airflow Web Interface? I am very lost on how to do this or is this just an enterprise tool where they provide you access to it once you pay?
You must do this on terminal. Run these commands:
export AIRFLOW_HOME=~/airflow
AIRFLOW_VERSION=2.2.5
PYTHON_VERSION="$(python --version | cut -d " " -f 2 | cut -d "." -f 1-2)"
CONSTRAINT_URL="https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-${PYTHON_VERSION}.txt"
pip install "apache-airflow==${AIRFLOW_VERSION}" --constraint "${CONSTRAINT_URL}"
airflow standalone
Then, in there, you can see the username and password provided.
Then, open Chrome and search for:
localhost:8080
And write the username and password.
airflow has a web interface as well by default and default user pass is : airflow/airflow
you can run it by using :
airflow webserver --port 8080
then open the link : http://localhost:8080
if you want to make a new username by this command:
airflow create_user [-h] [-r ROLE] [-u USERNAME] [-e EMAIL] [-f FIRSTNAME]
[-l LASTNAME] [-p PASSWORD] [--use_random_password]
learn more about Running Airflow locally
You should install it , it is a python package not a website to register on.
The easiest way to install Airflow is:
pip install apache-airflow
if you need extra packages with it:
pip install apache-airflow[postgres,gcp]
finally run the webserver and the scheduler in different cmd :
airflow webserver # it is by default 8080
airflow scheduler
I am setting up users in Airflow installation using -
airflow create_user -r Viewer -u wsmith -f Will -l Smith -p xxxx -e xxxxx#gmail.com
Now if I want to change the role from Viewer to Admin- how would do I do that ?
Is my only option to do it via the UI ? Could I update the database tables directly ?
You can do this via backend database tables.
Within the airflow schema:
select * from AB_ROLE;
--- This will list all the available roles that you have
update AB_USER_ROLE
set ROLE_ID = <desired role from above>
where
USER_ID in (select ID from AB_USER where USERNAME = <USERID>);
--- Update to desired role.
You can delete the user and create back with new role and same credentials
airflow delete_user
airflow create_user -r <new_role> -u <old_username> -p <password> -f Firstname -l Lastname -e email#domain.com
I have followed the following Guide for Setup of designate.
http://docs.openstack.org/developer/designate/install/ubuntu.html
Above guide is having the exact workflow what I was looking for.
I need to setup Designate using PowerDns Backend. It provides way for doing the same.
But In case of Registering Designate with Keystone it lacks in Detail.
Please some one help me regarding the same.
Now I am trying to access http://IP.Address:9001/v2/command.
It gives error as follows:
Authentication required
Error log from designate-api:
2015-10-20 03:58:36.917 20993 WARNING keystoneclient.middleware.auth_token [-] Unable to find authentication token in headers
2015-10-20 03:58:36.917 20993 INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request
2015-10-20 03:58:36.917 20993 INFO eventlet.wsgi [-] 61.12.45.30 - - [20/Oct/2015 03:58:36] "GET /v1/ HTTP/1.1" 401 217 0.000681
I found the way for doing the same.
Here it is detailed steps attached.
Registering keystone with designate:
Kestone Setup:
apt-get install keystone
Edit /etc/keystone/keystone.conf and change the [database] section:
connection = mysql://keystone:keystone#localhost/keystone
rm /var/lib/keystone/keystone.db
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'#'localhost' \
IDENTIFIED BY 'keystone';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'#'%' \
IDENTIFIED BY 'keystone';
mysql> exit
pip install mysql-python
su -s /bin/sh -c "keystone-manage db_sync" keystone
Execute the following command note down the value:
openssl rand -hex 10
Edit /etc/keystone/keystone.conf and change the [DEFAULT] section, replacing ADMIN_TOKEN with the results of the command:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
Configure the log directory. Edit the /etc/keystone/keystone.conf file and update the [DEFAULT] section:
[DEFAULT]
...
log_dir = /var/log/keystone
service keystone restart
Users tenants service and endpoint creation:
export OS_SERVICE_TOKEN=token_value
(please edit the token value generated above)
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0
keystone tenant-create --name service --description "Service Tenant" --enabled true
keystone service-create --type dns --name designate --description="Designate"
keystone endpoint-create --service designate --publicurl http://127.0.0.1:9001/v1 --adminurl http://127.0.0.1:9001/v1 --internalurl http://127.0.0.1:9001/v1
keystone user-create --name dnsaas --tenant service --pass dnsaas --enabled true
keystone role-create --name=admin
keystone user-role-add --user dnsaas --tenant service --role admin
apt-get install python-designateclient
Create an openrc file:
$ vi openrc
export OS_USERNAME=dnsaas
export OS_PASSWORD=dnsaas
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://localhost:5000/v2.0/
export OS_AUTH_STRATEGY=keystone
export OS_REGION_NAME=RegionOne
source an openrc file:
. openrc
Note :
Execute or restart the designate-central and designate-api services.
designate domain-list command
designate domain-list
Above command is not returing any errors means fine to go.