Closed IbraAoad closed 4 months ago
Just hit this with traefik. +1
Not sure if this is the same error, but I am consistently getting this error when the relation is broken:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/./src/charm.py", line 297, in <module>
main(GLAuthCharm)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/main.py", line 544, in main
manager.run()
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/main.py", line 520, in run
self._emit()
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/main.py", line 509, in _emit
_emit_charm_event(self.charm, self.dispatcher.event_name)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/main.py", line 143, in _emit_charm_event
event_to_emit.emit(*args, **kwargs)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 352, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 851, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 941, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py", line 1840, in _on_relation_broken
self.on.all_certificates_invalidated.emit()
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 352, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 851, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/venv/ops/framework.py", line 941, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/lib/charms/observability_libs/v1/cert_handler.py", line 395, in _on_all_certificates_invalidated
self._generate_csr(overwrite=True, clear_cert=True)
File "/var/lib/juju/agents/unit-glauth-k8s-1/charm/lib/charms/observability_libs/v1/cert_handler.py", line 230, in _generate_csr
raise RuntimeError(
RuntimeError: private key unset. call _generate_privkey() before you call this method.
unit-glauth-k8s-1: 11:42:22 ERROR juju.worker.uniter.operation hook "certificates-relation-broken" (via hook dispatching script: dispatch) failed: exit status 1
This happens every time I scale my application's units down. I use the latest versions of cert_handler=v1
and tls_certificates=v3
. This error does not happen on juju v3.2
, but it always happens on v3.3
and v3.4
. You should be able to replicate it by running the integration tests from this commit.
I just hit the same issue on juju 3.4:
unit-alertmanager-0: 13:38:11 ERROR unit.alertmanager/0.juju-log certificates:30: Uncaught exception while in charm code:
Traceback (most recent call last):
File "./src/charm.py", line 597, in <module>
main(AlertmanagerCharm)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/main.py", line 456, in main
_emit_charm_event(charm, dispatcher.event_name)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/main.py", line 144, in _emit_charm_event
event_to_emit.emit(*args, **kwargs)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 352, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 865, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 955, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/lib/charms/tls_certificates_interface/v2/tls_certificates.py", line 1863, in _on_relation_broken
self.on.all_certificates_invalidated.emit()
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 352, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 865, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/venv/ops/framework.py", line 955, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/lib/charms/tempo_k8s/v1/charm_tracing.py", line 532, in wrapped_function
return callable(*args, **kwargs) # type: ignore
File "/var/lib/juju/agents/unit-alertmanager-0/charm/lib/charms/observability_libs/v1/cert_handler.py", line 396, in _on_all_certificates_invalidated
self._generate_csr(overwrite=True, clear_cert=True)
File "/var/lib/juju/agents/unit-alertmanager-0/charm/lib/charms/tempo_k8s/v1/charm_tracing.py", line 532, in wrapped_function
return callable(*args, **kwargs) # type: ignore
File "/var/lib/juju/agents/unit-alertmanager-0/charm/lib/charms/observability_libs/v1/cert_handler.py", line 231, in _generate_csr
raise RuntimeError(
RuntimeError: private key unset. call _generate_privkey() before you call this method.
unit-alertmanager-0: 13:38:12 ERROR juju.worker.uniter.operation hook "certificates-relation-broken" (via hook dispatching script: dispatch) failed: exit status 1
Is there any workaround? It blocks the migration form self-signed-certificates to the new tls-*
options introduced in traefik.
Bug Description
When certification broken events occur, an
all_certificates_invalidated
event is emitted fromtls_certificates_interface/v2
. This event is received incert_handler
, which subsequently runs this code. However, this execution fails because the certificate no longer exists in the relation.To Reproduce
cos-charm
cos-charm
over the certificates relationEnvironment
Relevant log output
Additional context
No response