Unable To Access Deployed Demo Applications
I've deployed the demo admin and application storefronts to our cloud/non-local environment. The applications seem to have started without errors, but I am still unable to access it via a browser.
Overview
Broadleaf supports the idea of Tenancy and Applications. Tenant represents a distinct, independent operator of the Broadleaf services. Tenants share the same infrastructure (e.g., services) but do not share data (e.g., catalogs, products, assets). Thus, a single instance of Broadleaf could be shared by multiple companies (i.e., Tenants) without allowing their data to be mixed together. You can configure a URL to the back-office admin to manage data for that tenant.
Beneath a Tenant reside its "Applications". A single Tenant can maintain multiple applications. An Application represents a storefront or commerce-facing frontend. All Applications have an identifier that defines part or all of a URL they can be resolved at. When resolution occurs, an Application can be identified by the domain, domain prefix, or a query parameter in the request’s URL.
For example:
- Domain:
www.my-application.com - Domain Prefix:
my-application.my-company.com - Query Parameter:
www.my-company.com?application=my-application
Background
If you are having problems viewing the admin or storefront, here are a few troubleshooting tips and guides to verify your setup and installation.
1. Check that the "URL Resolution" data in the database is configured appropriately for your setup.
2. Based on the Flex Package you're deploying, verify that the Installation process has inserted the data completely and in the correct order.
IMPORTANT: In order for the demo admin and storefronts to be resolvable through a browser, there is a level of "data consistency" that need to be held across the schemas in the database for the various microservices.
Troubleshooting Step 1: Verify URL Resolution Data
Verify Tenant Data
Verify that the Tenant URL Data is as expected in the Tenant Microservice. Check the IDENTIFIER_VALUE and IDENTIFIER_TYPE
VERIFY: select * from tenant.blc_tenant
By default (if you have not created a Spring Profile/Liquibase changelog to explicitly update the seed data), the demo seed data comes pre-configured for things to work on a local setup out-of-box (i.e. everything running on a single host/local machine). For example:
| IDENTIFIER_TYPE | IDENTIFIER_VALUE |
| DOMAIN | localhost |
As an example, if you were trying to deploy this to another machine or a Kubernetes cluster on the cloud, you will either want a Top Level Domain that points to the IP of an External Ingress that routes to the Admin Gateway or the IP Address of the host running the Admin Gateway.
An example topology map can be found on this guide and tutorial: https://developer.broadleafcommerce.com/tutorials/devops/deploy-to-cloud#balanced_flex_package
You would then create a liquibase changelog that updates the seed data, or you can go directly into the database and change these values.
For example, it may look something like:
| IDENTIFIER_TYPE | IDENTIFIER_VALUE |
| DOMAIN | admin.cloudexample.com or 12.345.67.890 |
You need to also make sure that any Environment Variables being configured for the Tenant Service reflect any of the changes above. In particular, the properties documented here: https://developer.broadleafcommerce.com/services/tenant-services/configuration#url_resolver_properties. For example, the default looks like this:
broadleaf:
tenant:
urlresolver:
admin:
scheme: https
domain: localhost
port: 443
As an example, if you are trying to deploy this to a K8 cluster, you may want to pass in some override ENV properties like the following:
BROADLEAF_TENANT_URLRESOLVER_ADMIN_DOMAIN: admin.cloudexample.com (or something like 12.345.67.890) BROADLEAF_TENANT_URLRESOLVER_ADMIN_PORT: 443 (or 8446 if you're going directly to the OOB gateway) BROADLEAF_TENANT_URLRESOLVER_ADMIN_SCHEME: https
Next, you will want to verify that the AUTH Tenant Data for admin has the correct Redirect URLs.
VERIFY: select * from auth.blc_client_redirect_uris
| ID | REDIRECT_URI |
| admin | https://admin.cloudexample.com |
| admin | https://admin.cloudexample.com/callback |
| admin | https://admin.cloudexample.com/silent-callback.html |
VERIFY: select * from auth.blc_client
| ID | DEFAULT_REDIRECT_URI |
| admin | https://admin.cloudexample.com |
Verify Application Data
Verify that the Application URL Data is as expected in the Tenant Microservice. Check the IDENTIFIER_VALUE and IDENTIFIER_TYPE
VERIFY: select * from tenant.blc_tenant_application
By default (if you have not created a Spring Profile/Liquibase changelog to explicitly update the seed data), the demo seed data comes pre-configured for things to work on a local setup out-of-box (i.e. everything running on a single host/local machine). For example:
| IDENTIFIER_TYPE | IDENTIFIER_VALUE |
| DOMAIN | heatclinic.localhost |
| DOMAIN | aaahotsauces.localhost |
As an example, you may want to change this to be something like (depending on your setup):
| IDENTIFIER_TYPE | IDENTIFIER_VALUE |
| DOMAIN | 12.345.67.891 |
| DOMAIN_PREFIX | aaahotsauces |
Important Note: Application Data needs to be in sync across the different microservices. If you make a change to an application directly in the Database, it will NOT automatically propagate to the other schemas. We recommend any changes to applications be done directly in the Admin. So it is worth trying to get the Admin (Tenant) up and resolvable first.
If you make changes in the Admin, these changes will automatically propagate to all the necessary microservices.
For example, you can verify in the DB the data in the other schemas:
VERIFY: select * from adminuser.blc_user_application VERIFY: select * from asset.blc_application VERIFY: select * from auth.blc_application VERIFY: select * from campaign.blc_application VERIFY: select * from catalog.blc_application etc...
Troubleshooting Step 2: Verify Flex Package Installation Process
If you are deploying to a cloud environment and using the default demo seed data, you should be aware of a particular "sequence of events" that need to happen when you first deploy the services to another environment. With the way that the default "seed data initialization" is structured, it's important that certain services start (and initialize data) in a particular order - this becomes even more relevant if you try to deploy the services in a "granular" composition for the first time, as certain services need to start first as specific data will need to get inserted first (which may impact/insert data in other schemas)
We highly recommend reading this "Deploying to the Cloud" tutorial as well. It describes various other assumptions around the installation process when first deploying the stack to another environment:
The following describes the order in which services should start (and why) when you're doing an initial installation of the full Broadleaf stack:
As an example, the following guides assumes that you will want to access the admin at "admin.cloudexample.com" and the storefronts at "heatclinic.cloudexample.com" and "aaahotsauces.cloudexample.com" - you'll want to configure your ENV with your appropriate Top Level Domain.
Verify Messaging Broker
1. First, before any of Broadleaf's core services (Flex Package Services) get deployed to your cluster, make sure you have the messaging broker set up (e.g. Kafka) and running, making sure it's ready to receive messages.
Install Auth
2. In general, it's best to install the AUTH service first.
Before the first installation, make sure you have the following ENV properties set
BROADLEAF_AUTH_DATA_LOAD_BASEADMINHOST: admin.cloudexample.com BROADLEAF_AUTH_DATA_LOAD_BASEAPPLICATIONHOST: cloudexample.com
- There are some "data initializers" inside the auth service that are responsible for pre-loading some initial permissions/roles/clients/redirect uri's into the auth schema (but not all of them just yet). The process will use these ENV properties above to configure the correct data in the DB on an initial installation. (This is why we recommend you have a Top Level Domain ready before you start the initial installation process).
- Important: if you started the auth service with a different admin host (or used the default) and then later change the ENV properties - once it has loaded the initial seed data, it will not update the data that has changed (as this is meant to be a one time initial load step). Any other updates after the first load will need to happen directly in the DB.
Verification Steps:
After the auth service has finished starting, you should be able to go into the database and verify the following:
VERIFY: select * from auth.blc_client_redirect_uris
| ID | REDIRECT_URI |
| admin | https://admin.cloudexample.com |
| admin | https://admin.cloudexample.com/callback |
| admin | https://admin.cloudexample.com/silent-callback.html |
VERIFY: select * from auth.blc_client
| ID | DEFAULT_REDIRECT_URI |
| admin | https://admin.cloudexample.com |
Wait for AUTH to completely start before moving to the Flex Package service deployments.
Install the Flex Packages
If you are installing the Balanced Flex Package Composition:
3. Install the "Supporting" Flex Package first. Make sure you start up initially with the following ENV properties:
-
SPRING_PROFILES_ACTIVE: default,cloudexample(or whatever spring profile has the correct SQL data for your environment) BROADLEAF_TENANT_URLRESOLVER_APPLICATION_SCHEME: https BROADLEAF_TENANT_URLRESOLVER_APPLICATION_DOMAIN: cloudexample.com BROADLEAF_TENANT_URLRESOLVER_APPLICATION_PORT: 443 BROADLEAF_TENANT_URLRESOLVER_ADMIN_SCHEME: https BROADLEAF_TENANT_URLRESOLVER_ADMIN_DOMAIN: admin.cloudexample.com BROADLEAF_TENANT_URLRESOLVER_ADMIN_PORT: 443
4. Install the "Browse", "Cart", and "Processing" Flex Packages next.
After Supporting has finished starting, you can verify data in "adminuser" and "auth"
VERIFY: select * from adminuser.blc_admin_user VERIFY: select * from auth.blc_user you should see the Global Admin user (master@test.com) in both
If you are installing the Granular Flex Package Composition:
3. Install Catalog, Cart, etc.... (everything else that you wish to deploy except for Admin User and Tenant as we will save this for the last step).
4. Install Admin User and wait for it to completely start up. During the startup process, several Admin Users will be inserted into the adminuser schema. Because of this new data, persistence messages will be published to the message broker and the "auth" service will listen to those events and update a few records in the auth schema.
after adminuser has finished starting, verify data in "adminuser" and "auth"
VERIFY: select * from adminuser.blc_admin_user VERIFY: select * from auth.blc_user you should see the Global Admin user (master@test.com) in both
5. Finally, install Tenant last and wait for it to completely start up. Make sure you start up initially with the following ENV properties:
-
SPRING_PROFILES_ACTIVE: default,cloudexample(or whatever spring profile has the correct SQL data for your environment) BROADLEAF_TENANT_URLRESOLVER_APPLICATION_SCHEME: https BROADLEAF_TENANT_URLRESOLVER_APPLICATION_DOMAIN: cloudexample.com BROADLEAF_TENANT_URLRESOLVER_APPLICATION_PORT: 443 BROADLEAF_TENANT_URLRESOLVER_ADMIN_SCHEME: https BROADLEAF_TENANT_URLRESOLVER_ADMIN_DOMAIN: admin.cloudexample.com BROADLEAF_TENANT_URLRESOLVER_ADMIN_PORT: 443
Verify the Admin and Storefront URL's in the Database
After all the Flex Package services have finished starting, you should be able to go into the database and verify the following:
VERIFY: select * from tenant.blc_tenant >> this should have DOMAIN | admin.cloudexample.com VERIFY: select * from tenant.blc_tenant_application >> this should have DOMAIN_PREFIX | heatclinic, etc....
Depending on Flex Package composition, new data can be inserted within various microservices - which will create persistence messages that are published to the message broker. Many of the Broadleaf services will listen to these events and update the appropriate tables.
The tables that are of particular interest are the " application" tables (which control multi-tenancy/multi-application data) in many of the schemas.
If all the services have started up correctly, all the other schemas should also have the same data in tenant.blc_tenant_application propagated to it.
For example, you can verify in the DB the data in the other schemas:
VERIFY: select * from adminuser.blc_user_application VERIFY: select * from asset.blc_application VERIFY: select * from auth.blc_application VERIFY: select * from campaign.blc_application VERIFY: select * from catalog.blc_application etc...
NOTE: You will also want to verify the redirect urls in auth match what you intend:
VERIFY: select * from auth.blc_client_redirect_uris
Further Reading:
https://developer.broadleafcommerce.com/shared-concepts/multi-tenancy
https://developer.broadleafcommerce.com/tutorials/frontend-walkthroughs/tenant-resolution
https://developer.broadleafcommerce.com/services/tenant-services