Pydio Cells and CODE token timeouts


#1

Before I head down a rabbit hole has anyone advice how to tackle the following issue.

When editing documents in a CODE window things work well for a bit but then I get this message and cant save anymore

“Document cannot be saved due to an invalid or expired access token.”

is this Cells side config or CODE side?

im guessing its Cells issuing short lived tokens

any help appreciated !

thanks


#2

Hi,
could you tell me which pydio cells version are you on?


#3

actually, i wasnt sure if it was 1.2.4 or 1.2.5. I made the n00b mistake of using latest as the docker tag.

Now after a cluster power failure things arnt starting back up, so ill have to try and sort that out fist.

Lots of entries like:

{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.web.auth”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.data-key”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.user-key”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.policy”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.user-meta”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.user”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.role”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.workspace”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.meta”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.changes”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.auth”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.config”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}
{“level”:“error”,“ts”:“2019-01-28T18:58:48Z”,“logger”:“pydio.grpc.acl”,“msg”:"Could not prepare start ",“error”:“Storage is not available”}

so ill have to fathom this out first. In the mean time ive pinned the version to 1.2.3 as I know for sure this is what I was using a month or so ago.

ill be back in touch when ive recovered things


#4

Hi,
yeah it seems that the latest tag on docker does not give the latest version, i’ll ask that to be changed.


#5

ive got stuff back up running now, the dns in the cluster went a bit funky so pydio couldnt speak to the maria db pod.

ive pinned to v1.2.5 for now and i shall let you know what happens


#6

its still happening;

I opened pydio cells in my safari browser,
edited a doc and saved it,
did some stuff in another tab for a bit,
went back to the pydio tab and made a change and tried to save

some logs here (would you like to know some bits of the pydio config file?)

2019-01-30T19:35:58.980Z INFO pydio.grpc.data.sync.personal CreateNode {“node”: "Uuid:“b84c4494-276d-4c29-a1d4-0017a8570972” Path:“ross/shopping/week2.docx” Type:LEAF Size:6182 MTime:1548876957 Mode:511 Etag:“166ece7b9b0d5b9c36e8a8e03493dee9” "}
2019-01-30T19:36:03.158Z INFO Restarting Gateway Proxy {“caddyfile”: “\n\t\thttp://0.0.0.0:30010 {\n\t\tproxy /a 10.244.3.115:44255 {\n\t\t\twithout /a\n\t\t\ttransparent\n\t\t}\n\t\tproxy /auth/dex 10.244.3.115:37041 {\n\t\t\ttransparent\n\t\t\tinsecure_skip_verify\n\t\t}\n\t\tproxy /io :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /data :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /ws PENDING {\n\t\t\twebsocket\n\t\t\twithout /ws\n\t\t}\n\t\tproxy /plug/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t\theader_downstream Cache-Control “public, max-age=31536000”\n\t\t}\n\t\tproxy /dav/ 10.244.3.115:40187 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /public/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /user/reset-password/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /robots.txt 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /login 10.244.3.115:39683/gui {\n\t\t\ttransparent\n\t\t\twithout /login\n\t\t}\n\n\t\tredir 302 {\n\t\t if {path} is /\n\t\t / /login\n\t\t}\n\n\t\t\n\t\t\n proxy /wopi/ 10.244.3.115:40871 {\n transparent\n }\n\n proxy /loleaflet/ https://collabora:9980/loleaflet {\n transparent\n insecure_skip_verify\n without /loleaflet/\n }\n\n proxy /hosting/discovery https://collabora:9980/hosting/discovery {\n transparent\n insecure_skip_verify\n without /hosting/discovery\n }\n\n proxy /lool/ https://collabora:9980/lool/ {\n transparent\n insecure_skip_verify\n websocket\n without /lool/\n }\n \n\t\t\n\n\t\trewrite {\n\t\t\tif {path} not_starts_with “/a/”\n\t\t\tif {path} not_starts_with “/auth/”\n\t\t\tif {path} not_starts_with “/io”\n\t\t\tif {path} not_starts_with “/data”\n\t\t\tif {path} not_starts_with “/ws/”\n\t\t\tif {path} not_starts_with “/plug/”\n\t\t\tif {path} not_starts_with “/dav/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/wopi/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/loleaflet/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/hosting/discovery”\n\t\t\t\n\t\t\tif {path} not_starts_with “/lool/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/public/”\n\t\t\tif {path} not_starts_with “/user/reset-password”\n\t\t\tif {path} not_starts_with “/robots.txt”\n\t\t\tto {path} {path}/ /login\n\t\t}\n\n\t\t\n\t\terrors “/root/.config/pydio/cells/logs/caddy_errors.log”\n\t\t}\n\n\t\t\n\t”}
2019-01-30T19:36:03.158Z INFO [INFO] Reloading
2019-01-30T19:36:05.392Z INFO [INFO] Reloading complete
2019-01-30T19:36:05.392Z INFO Restart Finished
2019-01-30T19:36:05.392Z INFO http: Server closed
2019-01-30T19:36:16.399Z INFO Restarting Gateway Proxy {“caddyfile”: “\n\t\thttp://0.0.0.0:30010 {\n\t\tproxy /a 10.244.3.115:44255 {\n\t\t\twithout /a\n\t\t\ttransparent\n\t\t}\n\t\tproxy /auth/dex 10.244.3.115:37041 {\n\t\t\ttransparent\n\t\t\tinsecure_skip_verify\n\t\t}\n\t\tproxy /io :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /data :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /ws PENDING {\n\t\t\twebsocket\n\t\t\twithout /ws\n\t\t}\n\t\tproxy /plug/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t\theader_downstream Cache-Control “public, max-age=31536000”\n\t\t}\n\t\tproxy /dav/ 10.244.3.115:40187 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /public/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /user/reset-password/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /robots.txt 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /login 10.244.3.115:39683/gui {\n\t\t\ttransparent\n\t\t\twithout /login\n\t\t}\n\n\t\tredir 302 {\n\t\t if {path} is /\n\t\t / /login\n\t\t}\n\n\t\t\n\t\t\n proxy /wopi/ 10.244.3.115:40871 {\n transparent\n }\n\n proxy /loleaflet/ https://collabora:9980/loleaflet {\n transparent\n insecure_skip_verify\n without /loleaflet/\n }\n\n proxy /hosting/discovery https://collabora:9980/hosting/discovery {\n transparent\n insecure_skip_verify\n without /hosting/discovery\n }\n\n proxy /lool/ https://collabora:9980/lool/ {\n transparent\n insecure_skip_verify\n websocket\n without /lool/\n }\n \n\t\t\n\n\t\trewrite {\n\t\t\tif {path} not_starts_with “/a/”\n\t\t\tif {path} not_starts_with “/auth/”\n\t\t\tif {path} not_starts_with “/io”\n\t\t\tif {path} not_starts_with “/data”\n\t\t\tif {path} not_starts_with “/ws/”\n\t\t\tif {path} not_starts_with “/plug/”\n\t\t\tif {path} not_starts_with “/dav/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/wopi/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/loleaflet/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/hosting/discovery”\n\t\t\t\n\t\t\tif {path} not_starts_with “/lool/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/public/”\n\t\t\tif {path} not_starts_with “/user/reset-password”\n\t\t\tif {path} not_starts_with “/robots.txt”\n\t\t\tto {path} {path}/ /login\n\t\t}\n\n\t\t\n\t\terrors “/root/.config/pydio/cells/logs/caddy_errors.log”\n\t\t}\n\n\t\t\n\t”}
.
.
.
2019-01-30T19:41:45.355Z INFO [INFO] Reloading
2019-01-30T19:41:45.359Z INFO [INFO] Reloading complete
2019-01-30T19:41:45.359Z INFO Restart Finished
2019-01-30T19:41:45.359Z INFO http: Server closed
2019-01-30T19:41:56.366Z INFO Restarting Gateway Proxy {“caddyfile”: “\n\t\thttp://0.0.0.0:30010 {\n\t\tproxy /a 10.244.3.115:44255 {\n\t\t\twithout /a\n\t\t\ttransparent\n\t\t}\n\t\tproxy /auth/dex 10.244.3.115:37041 {\n\t\t\ttransparent\n\t\t\tinsecure_skip_verify\n\t\t}\n\t\tproxy /io :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /data :32923 {\n\t\t\ttransparent\n\t\t}\n\t\tproxy /ws PENDING {\n\t\t\twebsocket\n\t\t\twithout /ws\n\t\t}\n\t\tproxy /plug/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t\theader_downstream Cache-Control “public, max-age=31536000”\n\t\t}\n\t\tproxy /dav/ 10.244.3.115:40187 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /public/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /user/reset-password/ 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /robots.txt 10.244.3.115:39683 {\n\t\t\ttransparent\n\t\t}\n\n\t\tproxy /login 10.244.3.115:39683/gui {\n\t\t\ttransparent\n\t\t\twithout /login\n\t\t}\n\n\t\tredir 302 {\n\t\t if {path} is /\n\t\t / /login\n\t\t}\n\n\t\t\n\t\t\n proxy /wopi/ 10.244.3.115:40871 {\n transparent\n }\n\n proxy /loleaflet/ https://collabora:9980/loleaflet {\n transparent\n insecure_skip_verify\n without /loleaflet/\n }\n\n proxy /hosting/discovery https://collabora:9980/hosting/discovery {\n transparent\n insecure_skip_verify\n without /hosting/discovery\n }\n\n proxy /lool/ https://collabora:9980/lool/ {\n transparent\n insecure_skip_verify\n websocket\n without /lool/\n }\n \n\t\t\n\n\t\trewrite {\n\t\t\tif {path} not_starts_with “/a/”\n\t\t\tif {path} not_starts_with “/auth/”\n\t\t\tif {path} not_starts_with “/io”\n\t\t\tif {path} not_starts_with “/data”\n\t\t\tif {path} not_starts_with “/ws/”\n\t\t\tif {path} not_starts_with “/plug/”\n\t\t\tif {path} not_starts_with “/dav/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/wopi/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/loleaflet/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/hosting/discovery”\n\t\t\t\n\t\t\tif {path} not_starts_with “/lool/”\n\t\t\t\n\t\t\tif {path} not_starts_with “/public/”\n\t\t\tif {path} not_starts_with “/user/reset-password”\n\t\t\tif {path} not_starts_with “/robots.txt”\n\t\t\tto {path} {path}/ /login\n\t\t}\n\n\t\t\n\t\terrors “/root/.config/pydio/cells/logs/caddy_errors.log”\n\t\t}\n\n\t\t\n\t”}
2019-01-30T19:41:56.366Z INFO [INFO] Reloading
2019-01-30T19:41:56.391Z INFO [INFO] Reloading complete
2019-01-30T19:41:56.391Z INFO Restart Finished
2019-01-30T19:41:56.391Z INFO http: Server closed
2019-01-30T19:41:56.883Z ERROR JWT token validation failed, cannot process request


#7

Hi,
i spoke with the devs and they told me that they are on it,
for the time being you could either increase yourself the token duration, you can find the values inside the pydio.json file.


#8

is it IdTokensExpiry or RefreshTokensExpiry?


#9

Hi,
you can increase both as long as the refresh token is longer than the Id token.


#10

Ive done that, things are looking ok so far.

thanks for your help