search

PaloAltoNetworks / prisma-cloud-compute-operator

15 stars 22 forks source link

Operator fails to create console and defender deployments #34

Open prashantchitta opened 2 years ago

prashantchitta commented 2 years ago

Describe the bug

Once the pcc-operator is up and running, i am trying to create console and defender deployments using the following crd

---
apiVersion: pcc.paloaltonetworks.com/v1alpha1
kind: ConsoleDefender
metadata:
  name: pcc-consoledefender
  namespace: twistlock
spec:
  namespace: twistlock
  orchestrator: kubernetes
  version: '21_08_520'
  toolBundleUrl: <internal-registry>:8080/v21_08_520_isolated_update.tar.gz
  consoleConfig:
    serviceType: NodePort
    imageName: <internal-registry>/palo-alto-container-images/console:console_22_06_179
  defenderConfig:
    docker: false
    imageName: <internal-registry>/palo-alto-container-images/defender:defender_22_06_179

Expected behavior

Successfully create console and defender deployments.

Current behavior

Console and defender pods are not up and running. PCC Operator has the following failure logs

--------------------------- Ansible Task StdOut -------------------------------

 TASK [Create Console from YAML file] ********************************
fatal: [localhost]: FAILED! => {"changed": false, "error": 500, "msg": "Failed to create object: b'Unable to determine if virtual resource\\n'", "reason": "Internal Server Error", "status": 500}

-------------------------------------------------------------------------------
{"level":"error","ts":1665527247.7822518,"logger":"runner","msg":"\u001b[0;34mansible-playbook 2.9.26\u001b[0m\r\n\u001b[0;34m  config file = /etc/ansible/ansible.cfg\u001b[0m\r\n\u001b[0;34m  configured module search path = ['/usr/share/ansible/openshift']\u001b[0m\r\n\u001b[0;34m  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible\u001b[0m\r\n\u001b[0;34m  executable location = /usr/local/bin/ansible-playbook\u001b[0m\r\n\u001b[0;34m  python version = 3.8.8 (default, Aug 11 2021, 06:52:42) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]\u001b[0m\r\n\u001b[0;34mUsing /etc/ansible/ansible.cfg as config file\u001b[0m\r\n\u001b[0;34mSkipping callback 'actionable', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'awx_display', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'counter_enabled', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'debug', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'dense', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'dense', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'full_skip', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'json', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'minimal', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'null', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'oneline', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'selective', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'skippy', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'stderr', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'unixy', as we already have a stdout callback.\u001b[0m\n\u001b[0;34mSkipping callback 'yaml', as we already have a stdout callback.\u001b[0m\n\r\nPLAYBOOK: 1b0f657302294930a1bcec39687abb8f *************************************\n\u001b[0;34m1 plays in /tmp/ansible-operator/runner/pcc.paloaltonetworks.com/v1alpha1/ConsoleDefender/twistlock/pcc-consoledefender/project/1b0f657302294930a1bcec39687abb8f\u001b[0m\n\r\nPLAY [localhost] ***************************************************************\n\u001b[0;34mMETA: ran handlers\u001b[0m\n\r\nTASK [consoledefender : Create Twistlock tools directory] **********************\r\n\u001b[1;30mtask path: /opt/ansible/roles/consoledefender/tasks/main.yml:2\u001b[0m\n\u001b[0;32mok: [localhost] => {\"changed\": false, \"gid\": 0, \"group\": \"root\", \"mode\": \"0700\", \"owner\": \"ansible\", \"path\": \"/opt/ansible/twistlock/tools\", \"size\": 190, \"state\": \"directory\", \"uid\": 1001}\u001b[0m\n\r\nTASK [consoledefender : Extract twistcli-linux.zip to tools directory] *********\r\n\u001b[1;30mtask path: /opt/ansible/roles/consoledefender/tasks/main.yml:9\u001b[0m\n\u001b[0;32mok: [localhost] => {\"changed\": false, \"dest\": \"/opt/ansible/twistlock/tools\", \"gid\": 0, \"group\": \"root\", \"handler\": \"TgzArchive\", \"mode\": \"0700\", \"owner\": \"ansible\", \"size\": 190, \"src\": \"/opt/ansible/.ansible/tmp/ansible-tmp-1665527227.5112088-396-208048592220055/v21_08_520_isolated_update.tar_q8cw9h6.gz\", \"state\": \"directory\", \"uid\": 1001}\u001b[0m\n\r\nTASK [consoledefender : Create Console YAML file] ******************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/consoledefender/tasks/main.yml:15\u001b[0m\n\u001b[0;33mchanged: [localhost] => {\"changed\": true, \"cmd\": [\"linux/twistcli\", \"console\", \"export\", \"kubernetes\", \"--image-name\", \"<registry>/seceng/palo-alto-container-images/dev/console:console_22_06_179\", \"--namespace\", \"twistlock\", \"--service-type\", \"NodePort\", \"--output\", \"/opt/ansible/twistlock\"], \"delta\": \"0:00:00.046976\", \"end\": \"2022-10-11 22:27:11.952570\", \"rc\": 0, \"start\": \"2022-10-11 22:27:11.905594\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Neither storage class nor persistent volume labels were provided, using cluster default behavior\\nSaving output file to /opt/ansible/twistlock/twistlock_console.yaml\", \"stdout_lines\": [\"Neither storage class nor persistent volume labels were provided, using cluster default behavior\", \"Saving output file to /opt/ansible/twistlock/twistlock_console.yaml\"]}\u001b[0m\n\r\nTASK [consoledefender : Create Console from YAML file] *************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/consoledefender/tasks/main.yml:31\u001b[0m\n\u001b[0;31mfatal: [localhost]: FAILED! => {\"changed\": false, \"error\": 500, \"msg\": \"Failed to create object: b'Unable to determine if virtual resource\\\\n'\", \"reason\": \"Internal Server Error\", \"status\": 500}\u001b[0m\n\r\nPLAY RECAP *********************************************************************\r\n\u001b[0;31mlocalhost\u001b[0m                  : \u001b[0;32mok=3   \u001b[0m \u001b[0;33mchanged=1   \u001b[0m unreachable=0    \u001b[0;31mfailed=1   \u001b[0m skipped=0    rescued=0    ignored=0   \r\n\n","job":"6930594433975056933","name":"pcc-consoledefender","namespace":"twistlock","error":"exit status 2"}

----- Ansible Task Status Event StdOut (pcc.paloaltonetworks.com/v1alpha1, Kind=ConsoleDefender, pcc-consoledefender/twistlock) -----

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
welcome-to-palo-alto-networks[bot] commented 2 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!