Solution - AMC returns `not authorised` with Access Control enabled Aerospike cluster

Solution: AMC returns not authorised with Access Control enabled Aerospike cluster

Problem Description

When AMC is being used to monitor an Aerospike cluster where Access Control has been enabled, it returns a message saying Not Authorised when logging in to AMC. The AMC Basic Auth stanza is commented out and the cluster details have been entered correctly in the amc.conf file as shown below:

        [amc.clusters.db1]
        host = "172.17.0.7"
#       tls_name =
        port = 3000
        user = "amcuser"
        password = "amcpass"
        show_in_ui = true

The cluster is up and running and connetions from the AMC server using AQL work correctly with the username and password given in amc.conf.

Explanation

This issue will occur when the AMC Community edition is being used. The Community edition does not support Access Control as this is an Enterprise feature. On logging in to AMC, it will run an info call to get basic cluster information and if this cannot authenticate against the cluster the call will fail with Not Authorised. The Enterprise and Community editions of AMC share the same configuration file to make upgrade easy and so although the Access Control parameters can be entered, they will not be respected by Community edition.

Solution

To use AMC with an Aerospike cluster configured for Access Control the Enterprise edition must be used. To install the Enterprise edition the Community edition must be removed from the system. Methods for doing this via rpm and apt are shown below:

Apt method (for .deb packages on Debian systems)

# search for the proper package name

root@b859bfac592f:/# apt search amc
Sorting... Done
Full Text Search... Done
aerospike-amc-community/now 4.0.27 amd64 [installed,local]
  Aerospike Management Console

# remove the package

root@b859bfac592f:/etc/amc# apt-get remove aerospike-amc-community
Reading package lists... Done
Building dependency tree
#
Reading state information... Done
The following packages will be REMOVED:
  aerospike-amc-community
0 upgraded, 0 newly installed, 1 to remove and 48 not upgraded.
After this operation, 26.5 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 7350 files and directories currently installed.)
Removing aerospike-amc-community (4.0.27) ...

# install the new version

apt install ./aerospike-amc-enterprise-4.0.27_amd64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'aerospike-amc-enterprise' instead of './aerospike-amc-enterprise-4.0.27_amd64.deb'
The following NEW packages will be installed:
  aerospike-amc-enterprise

RPM method (for RHEL / Centos)

# search for the proper package name

[root@e212cf525192 tmp]# rpm -qa |grep amc
aerospike-amc-community-4.0.19-1.x86_64

# remove the package

[root@e212cf525192 tmp]# rpm -ev aerospike-amc-community-4.0.19-1.x86_64

# install the new version

[root@e212cf525192 tmp]# rpm -ivh aerospike-amc-enterprise-4.0.27-1.x86_64.rpm
Preparing...                ########################################### [100%]
   1:aerospike-amc-enterpris########################################### [100%]
[root@e212cf525192 tmp]#

Notes

  • The Basic Auth stanza in the amc.conf file does not control database access, it controls access to the AMC web front end. It can be used in conjunction or independantly of the cluster Access Control.
  • AMC Edition (Community or Enterprise) will be listed when searching for the package. It will also be shown in the logs.
time="2020-03-05T10:13:37-05:00" level=info msg="Starting AMC server, version: 4.0.27 community" 
  • AMC Enterprise is planned to be open sourced and released as a Community product in Q2 2020.

Keywords

AMC COMMUNITY ENTERPRISE NOT AUTHORISED AUTH SECURITY

Timestamp

March 2020

© 2015 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.