I’m running through the steps to upgrade Kong Gateway Enterprise on Docker from v0.36 to v1.5 on a virtual machine. To do this, I’m setting up Kong v0.36 on the VM with the intent to script out the steps. However, when I go to seed the Super User following [[these steps]] and go to log in, it throws an Invalid User or Password error. I’ve done the following to get it running:
# set up cassandra
docker run -d --name kong-ee-database \
--network=kong-ee-net \
-p 9042:9042 \
-v "$HOME/cassandra/data:/var/lib/cassandra" \
cassandra:3
# run migrations
KONG_LICENSE_FILE=/path/to/license.json
KONG_CONF=/path/to/conf/dir
KONG_IMAGE=kong-ee:0.36
MIGRATION=bootstrap # can be up for upgrading kong
docker run --rm --network=kong-ee-net \
-e "KONG_LICENSE_DATA=(<$KONG_LICENSE_FILE)" \
-v "$HOME/kong/conf:/etc/kong" \
-e "KONG_PASSWORD=my_secret_password" \
"$KONG_IMAGE" kong migrations "$MIGRATION" -c /etc/kong/
```
And then setting up kong:
```
LICENSE=/path/to/license.json
CONFIG_DIR=/path/to/conf
IMAGE="kong-ee:0.36"
docker run -d --name kong-ee --network=kong-ee-net \
-e "KONG_LICENSE_DATA=$(<$LICENSE)" \
-v "$CONFIG_DIR:/etc/kong" \
-p 5000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
-p 8002:8002 \
-p 8445:8445 \
-p 8003:8003 \
-p 8004:8004 \
"$IMAGE"
```
My kong.conf file looks like this:
```
proxy_access_log = /dev/stdout # Path for proxy port request access
proxy_error_log = /dev/stderr # Path for proxy port request error
admin_access_log = /dev/stdout # Path for Admin API request access
admin_error_log = /dev/stderr # Path for Admin API request error
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
database = cassandra # Determines which of PostgreSQL or Cassandra
cassandra_contact_points = kong-ee-database # A comma-separated list of contact
cassandra_port = 9042 # The port on which your nodes are listening
cassandra_repl_strategy = SimpleStrategy # When migrating for the first time,
cassandra_repl_factor = 1 # When migrating for the first time, Kong
db_update_propagation = 1 # Time (in seconds) taken for an entity in the
enforce_rbac = on # Specifies whether Admin API RBAC is enforced;
admin_gui_listen = 0.0.0.0:8002, 0.0.0.0:8445 ssl
admin_gui_url = 0.0.0.0:8003
admin_gui_auth = basic-auth
admin_gui_session_conf = {"cookie_name":"admin_session","cookie_samesite":"off","secret":"my_admin_secret","cookie_secure":false,"storage":"kong"}
portal = on
portal_gui_host = 0.0.0.0:8003
portal_session_conf = {"cookie_name":"portal_session","cookie_samesite":"off","secret":"my_portal_secret","cookie_secure":false,"storage":"kong"}
```
Kong starts successfully, but I'm still met with:
![image|444x500](upload://9I9eddfXFLCMqVwhKiQv3bY8qoz.png)
**Double Checks**
I've checked that 0.0.0.0 doesn't resolve to some other host on the network both through docker and through my terminal, so it shouldn't be resolving to a different kong instance:
```
docker stop $(docker ps -aq --filter "ancestor=kong-ee:0.36")
curl 0.0.0.0:8002
curl: (7) Failed to connect to 0.0.0.0 port 8002: Connection refused
```
Kong does indeed start, so I don't think I've messed anything up in the configuration file
```
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec0d45027eff kong-ee:0.36 "/docker-entrypoint.…" 6 minutes ago Up 3 seconds 0.0.0.0:8001-8004->8001-8004/tcp, 0.0.0.0:8443-8445->8443-8445/tcp, 8446-8447/tcp, 0.0.0.0:5000->8000/tcp kong-ee
6a76ad2a4b65 cassandra:3 "docker-entrypoint.s…" 12 minutes ago Up 12 minutes 7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp kong-ee-database
```
I double checked that the password I set doesn't have any sneaky whitespace:
```
echo "$KONG_PASSWORD" | md5sum
27958792f4b459c8781c525821201f02 -
echo "my_sample_password" | md5sum
27958792f4b459c8781c525821201f02
```
Checking the logs I can see that my browser does indeed connect:
```
docker logs $(docker ps -aq --filter "ancestor=kong-ee:0.36") | tail -n 3
10.0.2.2 - - [19/May/2020:16:00:54 +0000] "GET /kconfig.js HTTP/1.1" 200 314 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:00:55 +0000] "GET /favicon.ico HTTP/1.1" 200 32038 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:01:45 +0000] "GET /kconfig.js HTTP/1.1" 304 0 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:01:45 +0000] "GET /favicon.ico HTTP/1.1" 200 32038 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
```
The only weird thing is that I don't see a 401 in the logs when the password validation fails through my browser. Why does Kong not let me use the admin password?