Set Password for kong_admin yet is Invalid on login

I’m running through the steps to upgrade Kong Gateway Enterprise on Docker from v0.36 to v1.5 on a virtual machine. To do this, I’m setting up Kong v0.36 on the VM with the intent to script out the steps. However, when I go to seed the Super User following [[these steps]] and go to log in, it throws an Invalid User or Password error. I’ve done the following to get it running:

# set up cassandra

docker run -d --name kong-ee-database \
    --network=kong-ee-net \
    -p 9042:9042 \
    -v "$HOME/cassandra/data:/var/lib/cassandra" \
    cassandra:3
# run migrations
KONG_LICENSE_FILE=/path/to/license.json
KONG_CONF=/path/to/conf/dir
KONG_IMAGE=kong-ee:0.36
MIGRATION=bootstrap   # can be up for upgrading kong

docker run --rm --network=kong-ee-net \
       -e "KONG_LICENSE_DATA=(<$KONG_LICENSE_FILE)" \
       -v "$HOME/kong/conf:/etc/kong" \
       -e "KONG_PASSWORD=my_secret_password" \
       "$KONG_IMAGE" kong migrations "$MIGRATION" -c /etc/kong/
    ```
And then setting up kong:
    ```
LICENSE=/path/to/license.json
CONFIG_DIR=/path/to/conf
IMAGE="kong-ee:0.36"

docker run -d --name kong-ee --network=kong-ee-net \
  -e "KONG_LICENSE_DATA=$(<$LICENSE)" \
  -v "$CONFIG_DIR:/etc/kong" \
  -p 5000:8000 \
  -p 8443:8443 \
  -p 8001:8001 \
  -p 8444:8444 \
  -p 8002:8002 \
  -p 8445:8445 \
  -p 8003:8003 \
  -p 8004:8004 \
  "$IMAGE"
    ```

My kong.conf file looks like this:
    ```

proxy_access_log = /dev/stdout       # Path for proxy port request access
proxy_error_log = /dev/stderr         # Path for proxy port request error
admin_access_log = /dev/stdout           # Path for Admin API request access
admin_error_log = /dev/stderr            # Path for Admin API request error
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
database = cassandra             # Determines which of PostgreSQL or Cassandra
cassandra_contact_points = kong-ee-database  # A comma-separated list of contact
cassandra_port = 9042           # The port on which your nodes are listening
cassandra_repl_strategy = SimpleStrategy  # When migrating for the first time,
cassandra_repl_factor = 1       # When migrating for the first time, Kong
db_update_propagation = 1        # Time (in seconds) taken for an entity in the
enforce_rbac = on              # Specifies whether Admin API RBAC is enforced;
admin_gui_listen = 0.0.0.0:8002, 0.0.0.0:8445 ssl
admin_gui_url = 0.0.0.0:8003
admin_gui_auth = basic-auth
admin_gui_session_conf = {"cookie_name":"admin_session","cookie_samesite":"off","secret":"my_admin_secret","cookie_secure":false,"storage":"kong"}
portal = on
portal_gui_host = 0.0.0.0:8003
portal_session_conf = {"cookie_name":"portal_session","cookie_samesite":"off","secret":"my_portal_secret","cookie_secure":false,"storage":"kong"}
    ```
Kong starts successfully, but I'm still met with:

![image|444x500](upload://9I9eddfXFLCMqVwhKiQv3bY8qoz.png) 

**Double Checks**
I've checked that 0.0.0.0 doesn't resolve to some other host on the network both through docker and through my terminal, so it shouldn't be resolving to a different kong instance:

    ```
docker stop $(docker ps -aq --filter "ancestor=kong-ee:0.36")
curl 0.0.0.0:8002
curl: (7) Failed to connect to 0.0.0.0 port 8002: Connection refused
    ```
Kong does indeed start, so I don't think I've messed anything up in the configuration file
    ```
docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                                                       NAMES
ec0d45027eff        kong-ee:0.36        "/docker-entrypoint.…"   6 minutes ago       Up 3 seconds        0.0.0.0:8001-8004->8001-8004/tcp, 0.0.0.0:8443-8445->8443-8445/tcp, 8446-8447/tcp, 0.0.0.0:5000->8000/tcp   kong-ee
6a76ad2a4b65        cassandra:3         "docker-entrypoint.s…"   12 minutes ago      Up 12 minutes       7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp                                                   kong-ee-database
    ```
I double checked that the password I set doesn't have any sneaky whitespace:
    ```
echo "$KONG_PASSWORD" | md5sum
27958792f4b459c8781c525821201f02  -

echo "my_sample_password" | md5sum
27958792f4b459c8781c525821201f02
    ```
Checking the logs I can see that my browser does indeed connect:
    ```
docker logs $(docker ps -aq --filter "ancestor=kong-ee:0.36") | tail -n 3

10.0.2.2 - - [19/May/2020:16:00:54 +0000] "GET /kconfig.js HTTP/1.1" 200 314 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:00:55 +0000] "GET /favicon.ico HTTP/1.1" 200 32038 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:01:45 +0000] "GET /kconfig.js HTTP/1.1" 304 0 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
10.0.2.2 - - [19/May/2020:16:01:45 +0000] "GET /favicon.ico HTTP/1.1" 200 32038 "http://127.0.0.1:8002/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
    ```
The only weird thing is that I don't see a 401 in the logs when the password validation fails through my browser. Why does Kong not let me use the admin password?

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ