MicroGateway configuration errors on Windows 10.

jeffai
Participant I

I tried to configure the MicroGateway on my windows machine (Apigee Edge in the cloud), but i am getting the following error during configuration.

PS C:\Users\XXX> edgemicro.cmd configure -o xxxxx -e test -v default -u xxxx@xxxxx.com

current nodejs version is v8.11.3

current edgemicro version is 2.5.26

password:

file doesn't exist, setting up checking org for existing KVM

error checking for cert.

Installing new cert. creating KVM adding private_key adding public_key C:\Users\XXX\AppData\Roaming\npm\node_modules\edgemicro\cli\lib\cert-lib.js:187 'value': key.publicKey ^ TypeError: Cannot read property 'publicKey' of undefined at C:\Users\XXX\AppData\Roaming\npm\node_modules\edgemicro\cli\lib\cert-lib.js:187:30 at C:\Users\XXX\AppData\Roaming\npm\node_modules\edgemicro\node_modules\async\lib\async.js:718:13 at Immediate.iterate [as _onImmediate] (C:\Users\XXX\AppData\Roaming\npm\node_modules\edgemicro\node_modules\async\lib\async.js:262:13) at runCallback (timers.js:810:20) at tryOnImmediate (timers.js:768:5) at processImmediate [as _immediateCallback] (timers.js:745:5)

Solved Solved
1 29 879
1 ACCEPTED SOLUTION

Former Community Member
Not applicable

A quick update: At the moment, I suspect there is a backward incompatibility between OpenSSL versions.

I have created workaround for this issue. The edgemicro configure command takes two new parameters - key and cert. Like this:

edgemicro configure -o org -e test -u me@user.com -k ~/workspace/tls.key -s ~/workspace/tls.crt

Users can use OpenSSL to generate a self signed key/cert pair like this:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -config /private/etc/ssl/openssl.cnf -extensions 'v3_req'

or, procure a signed certificate from your enterprise CA.

I expect to publish this release in the next day or two.

View solution in original post

29 REPLIES 29

Former Community Member
Not applicable

I presume openssl was installed and available in the path. Can you please confirm if a KVM called "microgateway" was created and the key and cert installed on it?

For my case KVM was not created, stack trace is exactly similar to Jeff. I tried to configure with Apigee Evaluation version and Paid version, bot gives the same error.

Not applicable

I have exactly the same error, i also tried to upgrade npm and node.js , edgemicro-auth proxy is created in Edge. There is no KVM created though. Please find the stack trace

current nodejs version is v10.10.0
current edgemicro version is 2.5.26
password:
file doesn't exist, setting up
checking org for existing KVM
error checking for cert. Installing new cert.
creating KVM
adding private_key
adding public_key
C:\Users\_nairr\AppData\Roaming\npm\node_modules\edgemicro\cli\lib\cert-lib.js:187
'value': key.publicKey
^

TypeError: Cannot read property 'publicKey' of undefined
at C:\Users\_nairr\AppData\Roaming\npm\node_modules\edgemicro\cli\lib\cert-lib.js:187:30
at C:\Users\_nairr\AppData\Roaming\npm\node_modules\edgemicro\node_modules\async\lib\async.js:718:13
at Immediate.iterate (C:\Users\_nairr\AppData\Roaming\npm\node_modules\edgemicro\node_modules\async\lib\async.js:262
:13)
at runCallback (timers.js:694:18)
at tryOnImmediate (timers.js:665:5)
at processImmediate (timers.js:647:5)

Former Community Member
Not applicable

same question - is OpenSSL installed and in the path?

Open SSL is installed and is in path, i am running in Windows 7 though

Former Community Member
Not applicable

Are you an "orgadmin" in the Apigee org?

Yes i am the Org admin

Configuration YAML just in case it rings any bell

edge_config: bootstrap: https://apigee.net/edgemicro/bootstrap/organization/org/environment/env. jwt_public_key: http://apigee.net/edgemicro/publicKey. managementUri: https://api.enterprise.apigee.com vaultName: microgateway authUri: https://%s-%s.apigee.net/edgemicro-auth baseUri: https://edgemicroservices.apigee.net/edgemicro/%s/organization/%s/environment/%s bootstrapMessage: Please copy the following property to the edge micro agent config keySecretMessage: The following credentials are required to start edge micro edgemicro: port: 8000 max_connections: 1000 config_change_poll_interval: 600 logging: level: error dir: /var/tmp stats_log_interval: 60 rotate_interval: 24 plugins: sequence: - oauth headers: x-forwarded-for: true x-forwarded-host: true x-request-id: true x-response-time: true via: true oauth: allowNoAuthorization: false allowInvalidAuthorization: false

Former Community Member
Not applicable

No, that's not helping. The key/cert is not being generated is what I can tell from the stacktrace.

There is a line which says installing Cert and then it proceeds to KVM, while creating Public_key key it has some issue, is this because of NPM version 6.4.1 or the issue with Latest Microgateway version

Former Community Member
Not applicable

I can confirm this bug. Will post an update soon.

jeffai
Participant I

Thanks all. I can confirm the following

1. Open SSL installed and working on Win10 (I also tried on a Mac with the same error).

2. I configured as orgadmin.

3. Didn't use a trial account.

4. No new KVM was created.

@srinandans - also, when you say it is a bug so a fix is on the way? 🙂

Former Community Member
Not applicable

Something strange is happening. I have tried this 3-4 times. And it only failed once. Maybe the management api is timing out. Does it happen if you try it again?

hi @srinandans - I have tried many times - and never worked. I had a look at the source code, but could not figure out where the key object is created.

createCert(function(err, keys) {
    if (err) {
        return callback(err);
    }


    const privateKey = keys.serviceKey;
    const publicKey = keys.certificate;
    const async = require('async');


    pem.getPublicKey (publicKey, function(err, key) {
      async.series(
        [
          function(cb) {
            if (!options.force) { return cb(); }
            deleteVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, cb);
          },
          function(cb) {
            console.log('creating KVM');
            console.log('adding private_key');
            console.log('adding public_key');
            var entries = [
              {
                'name':'private_key',
                'value': privateKey
              },
              {
                'name': 'public_key',
                'value': publicKey
              },
              {
                'name': 'public_key1',
                'value': key.publicKey   // where is key defined?
              },



Former Community Member
Not applicable

Here: https://github.com/apigee-internal/microgateway/blob/master/cli/lib/cert-lib.js#L340

I have now run it 10 times. It worked every time...

strange - looks like the key was not created. Can you please explain to me the differences between the public_key and public_key1?

It is still not working for me.

Former Community Member
Not applicable

public_key actually contains the certificate and public_key1 contains the RSA public key.

also

current nodejs version is v8.11.3

current edgemicro version is 2.5.26

could this be an issue?

Former Community Member
Not applicable

Nope, I'm using the same version (on mac).

hi @srinandans - i was also able to verify the proxy

current nodejs version is v8.11.3
current edgemicro version is 2.5.26
info: jwk_public_keys download from null returned 200 undefined


info: jwt_public_key download from https://xxxxxxx-nonprod-test.apigee.net/edgemicro-auth/publicKey returned 200 OK
info: products download from https://xxxxxxx-nonprod-test.apigee.net/edgemicro-auth/products returned 200 OK
info: config download from https://edgemicroservices.apigee.net/edgemicro/bootstrap/organization/xxxxxx-nonprod/environment/tes... returned 200 OK
warning: no edge micro proxies found in org
verifying analytics negative case: OK
verifying bootstrap url availability:OK
verifying jwt_public_key availability: OK
verifying products availability: OK
verifying quota with configured products: OK
verifying analytics with payload: OK
verification complete

- this said. I am still not comfortable on why the code was not working for me (with openssl x509 -utf8)

jeffai
Participant I

Thanks @srinandans - after much debugging. I finally was able to configure microgateway (I have not verified it yet).

I found the error was with the command for openssl x509

I logged the parameters as (my log)

"RUN OPENSSL WITH x509,-utf8,-in,C:\Users\xxxxxx\AppData\Local\Temp\8d65ce3ddae4080f8783f5eb5d264dd4988eee59,-pubkey,-noout"

and the error

"OPENSSL CLOSED WITH STDOUT

OPENSSL CLOSED WITH STDERROR x509: Unknown digest utf8

x509: Use -help for summary."

"

Then I changed the pem.js code to remove the 'utf8' option, e.g.

    params = ['x509',
      // '-utf8', // JEFF
      '-in',
      '--TMPFILE--',
      '-pubkey',
      '-noout'
<br>

Then it was OK

configuring host edgemicroservices.apigee.net for region xxxxxxxx


saving configuration information to: C:\Users\xxxxx\.edgemicro\xxxx-nonprod-test-config.yaml


vault info:
 -----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----


The following credentials are required to start edge micro
  key: xxxxx
  secret: xxxxx


edgemicro configuration complete!
<br>

I was able to verify and repeat the whole process multiple time since the fix.

But this is more a 'hacking" then a proper solution.

hi @Rahul Nair - sorry it was a typo - it should be in the pem.js file.


Thank you 🙂 I mereley reinstalled the Microgateway this time it worked

jeffai
Participant I
@Rahul Nair

@srinandans

Please see my previous comments - after I've updated the code. It now works fine. I have also tested on my mac (LibreSSL 2.2.7) and it also worked (it was not working before). However, as I mentioned before ... i am not comfortable with the "solution".

Former Community Member
Not applicable

A quick update: At the moment, I suspect there is a backward incompatibility between OpenSSL versions.

I have created workaround for this issue. The edgemicro configure command takes two new parameters - key and cert. Like this:

edgemicro configure -o org -e test -u me@user.com -k ~/workspace/tls.key -s ~/workspace/tls.crt

Users can use OpenSSL to generate a self signed key/cert pair like this:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -config /private/etc/ssl/openssl.cnf -extensions 'v3_req'

or, procure a signed certificate from your enterprise CA.

I expect to publish this release in the next day or two.

What key is it..Private key ? Also i am planning to use the docker image docker pull gcr.io/apigee-microgateway/edgemicro:latest, how do i pass the key and secret to this image to run this image.

Former Community Member
Not applicable

Yes, the key referred to there is the private key.

Two things:

1) I haven't yet published the release

2) These parameter only affects "edgemicro config". This step is done outside docker, so the usage of the docker image is unaffected.