[Bug]: `Cannot load resource config "db". Resource does not exist` because of remember me cookie

[zimmski]

Affected Chart

icingaweb2

Which version of the app contains the bug?

0.1.0 helm chart

Please describe your problem

When the Icinga Web pod is rescheduled (or destroyed and a new appears) the "remember me" functionality breaks Icinga Web and shows the following error:

Cannot load resource config "db". Resource does not exist

#0 /usr/share/icingaweb2/library/Icinga/Common/Database.php(32): Icinga\Data\ResourceFactory::getResourceConfig()
#1 /usr/share/icingaweb2/library/Icinga/Web/RememberMe.php(110): Icinga\Web\RememberMe->getDb()
#2 /usr/share/icingaweb2/application/controllers/AuthenticationController.php(49): Icinga\Web\RememberMe::fromCookie()
#3 /usr/share/icingaweb2/library/vendor/Zend/Controller/Action.php(507): Icinga\Controllers\AuthenticationController->loginAction()
#4 /usr/share/icingaweb2/library/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch()
#5 /usr/share/icingaweb2/library/vendor/Zend/Controller/Front.php(937): Icinga\Web\Controller\Dispatcher->dispatch()
#6 /usr/share/icingaweb2/library/Icinga/Application/Web.php(290): Zend_Controller_Front->dispatch()
#7 /usr/share/icingaweb2/library/Icinga/Application/webrouter.php(105): Icinga\Application\Web->dispatch()
#8 /usr/share/icingaweb2/public/index.php(4): require_once(String)
#9 {main}

The way i work around this is by removing every cookie, and then log in again.

[mocdaniel]

Hello, sorry for getting back to you just now - can you share a few more details on your environment? I wasn't able to reproduce this issue, neither on a local, one-node dev cluster, nor on a production-grade multi-node cluster in the cloud.

[zimmski]

@mocdaniel sure! What do want to know? In general we have a k3s cluster that uses Ceph for persistent storage. Maybe the easiest solution is to just do a call and i screen-share and you talk me through what you want to know? I just tried again trice, and i can reproduce it 100% of the time.

[mocdaniel]

@zimmski Thanks for the offer, for the time being your values.yml file with redacted sensitive values should suffice :) I just need to reproduce your environment to start working on a fix.

[Munsio]

Sure here is the configuration:

icinga2:
  features:
    graphite:
      host: graphite
      enabled: true
      enable_send_tresholds: true
      enable_send_metadata: true

  serviceAccount:
    enabled: true

  persistence:
    enabled: true
    size: 5Gi
    storageClass: 'ceph-rbd-sc'

icingaweb2:
  modules:
    graphite:
      enabled: true
      graphite:
        url: http://graphite:8080
        user: ''
        password: ''
        insecure: 1
      icinga:
        graphite_writer_host_name_template: { 'icinga2.$host.name$.$host.check_command$' }
        graphite_writer_service_name_template: { 'icinga2.$host.name$.services.$service.name$.$service.check_command$' }

global:
  databases:
    director:
      persistence:
        enabled: true
        size: 5Gi
        storageClass: 'ceph-rbd-sc'
    icingadb:
      persistence:
        enabled: true
        size: 5Gi
        storageClass: 'ceph-rbd-sc'
    icingaweb2:
      persistence:
        enabled: true
        size: 5Gi
        storageClass: 'ceph-rbd-sc'

ceph-rbd-sc is the Ceph Block Device Storage Class we use to automatic provision PVs based on PVCs

The problem is happening for me whenever the pods are rescheduled onto another node inside the cluster.

[mocdaniel]

Thank you very much! I will get back to you once I recreated your setup and checked some things.

[mocdaniel]

I think this symptom has already been fixed since v0.1.0. A faulty reference to a non-existing database resource db caused by some mixed up ENVs we set for icingaweb2 is what produces the output in your screenshot.

This error will be resolved in v0.2.0.

In the meantime, set Values.icingaweb2.auth.resource to db and Values.icingaweb2.auth.type to the name of your icingaweb2 database resource (default is icingaweb2db).