I’m trying to update my openmrs services running on ECS cluster service with 4 tasks in it. Till now, it was working on openmrs 2.1.1 and I’m now updating it to 2.5.10 with all the bahmni dependencies from bahmni-docker repository. The database updation, modules and everything ran successfully. But after this, I’m not able to login into openmrs. Going deep into it, I found that when I’m running 1 task in the ECS service, it is working perfectly. But if I’m increasing the number of tasks, it is giving 401 unauthorised error everytime. But it was working fine on all 4 tasks with openmrs 2.1.1. I couldn’t understand the reason behind this strange behaviour. Can you please help?
1 Like
It would greatly help to look at the logs.
When you say 4 “tasks”, is this essentially 4 instances of OpenMRS? Is the servlet container you’re using to run OpenMRS setup to enable clustering and session replication? Is your gateway / router / whatever configured to use sticky sessions or is it a pure round-robin or some other algorithm? Where in the flow do these 401 errors occur? And, as @dkayiwa said, some logs would be helpful.
@ibacher @dkayiwa I’ve checked the logs but there is no such error logged when I’m trying to login. I’ll change the log level to see if there is something in more granular logs. But here the point is that we’re running openmrs 2.1.1 for about 5-6 years with 4 tasks running parallelly and it never gave this kind of error. I’m getting this issue after updating the system to 2.5.10 (with all bahmni modules).
@chughrahul That’s why I asked you a series of questions designed to understand how you have things configured. The fact that it was working and isn’t now is a sign of an issue, but doesn’t point us to a solution. 401 errors are “unauthorized” errors. If things worked before, we can assume (hopefully) that your user accounts have the right permissions. However, if you are running 4 instances of OpenMRS (I’m still not clear on this), what’s important is ensuring that your setup is configured:
- To route users to the same backend instance for each request or
- To allow sharing sessions across instances
Otherwise, it would seem very easy for a user to authenticate via one OpenMRS instance, submit a request, and have that request routed to a separate OpenMRS instance, which doesn’t recognise the session, and so responds with a 401 error because the user is only authenticated with one of the four instances you have running.