Issues with Veo on-premise installation

International (in English)
2

Hi stephanf,

just to clarify: „veo on-premise“ as a product for end-users and whitelabel-providers will begin rolling out later this year. It will be based on the official binary containers and include a Helm chart for easy setup and installation.

If you want to build your own binaries from the source code and run those locally that is of course fine as well, but it will not be a version covered by our support contracts.

I’m not sure how your setup looks like right now so I’ll try to mention a few control points:

  • make sure that you have built and are running all services (including history, reporting, accounts…) from the verinice-veo repositories. You can technically run only the core veo service but certain functions (such as reports, object version history) will not work and throw errors otherwise.
  • make sure that you have imported the provided Keycloak config export. It configures the roles, scopes etc. required by the veo OIDC clients.
  • make sure that your veo REST API service is using the OIDC realm and client-id that was set up via the imported realm (i.e. Realm: „verinice-veo“ and OIDC client „veo-on-premise“)
  • 404 errors points to something wrong with the Keycloak config
  • make sure that you have a created a „client“ with an ID that matches the user group of the account in Keycloak. I.e. you should have created a client in verinice with the uuid „4148d239-b543-42bb-bd01-9d0743201335“ and have a Keycloak account as a member of the group called „veo_client:4148d239-b543-42bb-bd01-9d0743201335“. This is usually both set up correctly when you use the „verinice-account“ REST service to create new clients and users. If you created the user manually or used the one included in the configuration export this will not automatically be the case.
  • Creation of new clients (including matching Keycloak-Accounts) is triggered by AMQP-events. We are in the process of writing a lovely command line interface to make this easier. Until this is available, you will have to follow the instructions in veo-accounts and use an AMQP client (i.e. pika for python or the RabbitMQ Web-Interface to send the event:

I think the most likely problem you’re facing right now is that you have a Keycloak account with either no client-group or a client-group that does not exist as an actual client in the veo database. The documentation linked to above should get you started with that.