Netflix / lemur-docker

Docker files for the Lemur certificate orchestration tool

Certificates not shown in UI after reboot #63

Closed steccas closed 3 years ago

steccas commented 3 years ago

Hi, when I instantiate the Lemur compose everything works well with CFSSL. But when I reboot the containers (i.e. due to a host restart), certificates are not shown anymore in the Lemur web UI.

I'm using Lemur Docker in this project: https://github.com/Steccas/stecCA

More digging had me assume it is a PostgreSQL problem; here's the relevant log:

FROM certificates 
WHERE certificates.not_after > %(not_after_1)s
2021-06-21 18:58:04,779 INFO sqlalchemy.engine.base.Engine {'not_after_1': datetime.datetime(2021, 5, 21, 0, 0)}
2021-06-21 18:58:04,783 INFO sqlalchemy.engine.base.Engine SELECT certificates.id AS certificates_id, certificates.external_id AS certificates_external_id, certificates.owner AS certificates_owner, certificates.name AS certificates_name, certificates.description AS certificates_description, certificates.notify AS certificates_notify, certificates.body AS certificates_body, certificates.chain AS certificates_chain, certificates.csr AS certificates_csr, certificates.private_key AS certificates_private_key, certificates.issuer AS certificates_issuer, certificates.serial AS certificates_serial, certificates.cn AS certificates_cn, certificates.deleted AS certificates_deleted, certificates.dns_provider_id AS certificates_dns_provider_id, certificates.not_before AS certificates_not_before, certificates.not_after AS certificates_not_after, certificates.date_created AS certificates_date_created, certificates.signing_algorithm AS certificates_signing_algorithm, certificates.status AS certificates_status, certificates.bits AS certificates_bits, certificates.san AS certificates_san, certificates.rotation AS certificates_rotation, certificates.user_id AS certificates_user_id, certificates.authority_id AS certificates_authority_id, certificates.root_authority_id AS certificates_root_authority_id, certificates.rotation_policy_id AS certificates_rotation_policy_id, certificates.key_type AS certificates_key_type 
FROM certificates 
WHERE certificates.not_after > %(not_after_1)s ORDER BY certificates.id DESC 
 LIMIT %(param_1)s OFFSET %(param_2)s
2021-06-21 18:58:04,783 INFO sqlalchemy.engine.base.Engine {'not_after_1': datetime.datetime(2021, 5, 21, 0, 0), 'param_1': 10, 'param_2': 0}
[2021-06-21 18:58:04,786] ERROR in schema: 
Traceback (most recent call last):
  File "/opt/lemur/lemur/common/schema.py", line 158, in decorated_function
    resp = f(*args, **kwargs)
  File "/opt/lemur/lemur/certificates/views.py", line 364, in get
    return service.render(args)
  File "/opt/lemur/lemur/certificates/service.py", line 594, in render
    result = database.sort_and_page(query, Certificate, args)
  File "/opt/lemur/lemur/database.py", line 343, in sort_and_page
    items = query.offset(count * page).limit(count).all()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3373, in all
    return list(self)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 100, in instances
    cursor.close()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/langhelpers.py", line 68, in __exit__
    compat.raise_(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in instances
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in <listcomp>
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 579, in _instance
    _populate_full(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 725, in _populate_full
    dict_[key] = getter(row)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/sql/type_api.py", line 1278, in process
    return process_value(impl_processor(value), dialect)
  File "/opt/lemur/lemur/utils.py", line 122, in process_result_value
    return MultiFernet(self.keys).decrypt(value).decode("utf8")
  File "/opt/venv/lib/python3.8/site-packages/cryptography/fernet.py", line 194, in decrypt
    raise InvalidToken
cryptography.fernet.InvalidToken

Traceback (most recent call last):
  File "/opt/lemur/lemur/common/schema.py", line 158, in decorated_function
    resp = f(*args, **kwargs)
  File "/opt/lemur/lemur/certificates/views.py", line 364, in get
    return service.render(args)
  File "/opt/lemur/lemur/certificates/service.py", line 594, in render
    result = database.sort_and_page(query, Certificate, args)
  File "/opt/lemur/lemur/database.py", line 343, in sort_and_page
    items = query.offset(count * page).limit(count).all()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3373, in all
    return list(self)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 100, in instances
    cursor.close()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/langhelpers.py", line 68, in __exit__
    compat.raise_(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in instances
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in <listcomp>
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 579, in _instance
    _populate_full(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 725, in _populate_full
    dict_[key] = getter(row)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/sql/type_api.py", line 1278, in process
    return process_value(impl_processor(value), dialect)
  File "/opt/lemur/lemur/utils.py", line 122, in process_result_value
    return MultiFernet(self.keys).decrypt(value).decode("utf8")
  File "/opt/venv/lib/python3.8/site-packages/cryptography/fernet.py", line 194, in decrypt
    raise InvalidToken
cryptography.fernet.InvalidToken

Traceback (most recent call last):
  File "/opt/lemur/lemur/common/schema.py", line 158, in decorated_function
    resp = f(*args, **kwargs)
  File "/opt/lemur/lemur/certificates/views.py", line 364, in get
    return service.render(args)
  File "/opt/lemur/lemur/certificates/service.py", line 594, in render
    result = database.sort_and_page(query, Certificate, args)
  File "/opt/lemur/lemur/database.py", line 343, in sort_and_page
    items = query.offset(count * page).limit(count).all()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3373, in all
    return list(self)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 100, in instances
    cursor.close()
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/langhelpers.py", line 68, in __exit__
    compat.raise_(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in instances
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 80, in <listcomp>
    rows = [proc(row) for row in fetch]
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 579, in _instance
    _populate_full(
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/orm/loading.py", line 725, in _populate_full
    dict_[key] = getter(row)
  File "/opt/venv/lib/python3.8/site-packages/sqlalchemy/sql/type_api.py", line 1278, in process
    return process_value(impl_processor(value), dialect)
  File "/opt/lemur/lemur/utils.py", line 122, in process_result_value
    return MultiFernet(self.keys).decrypt(value).decode("utf8")
  File "/opt/venv/lib/python3.8/site-packages/cryptography/fernet.py", line 194, in decrypt
    raise InvalidToken
cryptography.fernet.InvalidToken
2021-06-21 18:58:04,789 INFO sqlalchemy.engine.base.Engine ROLLBACK

steccas commented 3 years ago

Solved in https://github.com/Netflix/lemur/issues/3643#issue-926551704
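
The traceback above ends in `MultiFernet(self.keys).decrypt(value)` raising `InvalidToken`, which is what Fernet raises when none of the supplied keys authenticates the stored token. The following is an added example, not code from this issue or from Lemur: it assumes the key list differs between the first start and the restart (the thread does not state the cause), and every key and value in it is constructed.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def can_decrypt(token: bytes, keys: list) -> bool:
    """True if at least one key in the list authenticates the token."""
    try:
        MultiFernet([Fernet(k) for k in keys]).decrypt(token)
        return True
    except InvalidToken:
        return False


def matching_key_indexes(token: bytes, keys: list) -> list:
    """Indexes of the keys that individually decrypt the token."""
    return [i for i, k in enumerate(keys) if can_decrypt(token, [k])]


def rotate(token: bytes, keys: list) -> bytes:
    """Re-encrypt under keys[0]; the list must still contain the old key."""
    return MultiFernet([Fernet(k) for k in keys]).rotate(token)


def demo() -> dict:
    # Constructed keys: one in use when the row was written, one that
    # replaced it after a restart (the assumption this example makes).
    key_before = Fernet.generate_key()
    key_after = Fernet.generate_key()
    # Constructed stand-in for an encrypted column value.
    stored = Fernet(key_before).encrypt(b"constructed private key material")
    both = [key_after, key_before]
    return {
        # Only the new key configured: the failure seen in the traceback.
        "new_key_only": can_decrypt(stored, [key_after]),
        # Old key kept in the list: the stored value is readable again.
        "new_then_old": can_decrypt(stored, both),
        # Which configured key actually matches the stored token.
        "which_keys": matching_key_indexes(stored, both),
        # After rotation the old key is no longer needed for this value.
        "after_rotation": can_decrypt(rotate(stored, both), [key_after]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `can_decrypt` against one stored value with the currently configured keys distinguishes a key mismatch from a database fault without touching the rest of the table.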