search

dapr / cli

Command-line tools for Dapr.
Apache License 2.0
321 stars 204 forks source link

Dapr cannot connect to Sentry in self-hosted mode #1458

Open AlbertoVPersonal opened 1 month ago

AlbertoVPersonal commented 1 month ago

In what area(s)?

/area runtime

What version of Dapr?

CLI: 1.14.1 Runtime: 1.14.4

Expected Behavior

The sidecar of my app should connect to the Sentry service correctly as this happened with the version 1.13.4.

Actual Behavior

My sidecar cannot connect to Sentry 😢

Steps to Reproduce the Problem

  1. Install the latest versions of DAPR CLI and DAPR on a Windows environment.
  2. Configure Sentry to use the local and auto-generated certificates. That is, the certificates generated by Sentry when it starts.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: daprsystem
  namespace: default
spec:
  mtls:
    enabled: true
    workloadCertTTL: "8760h"
  1. Run Sentry with the following command line:
.\bin\sentry.exe --issuer-credentials .\certs\ --trust-domain cluster.local --config .\config.yaml

Log

time="2024-10-21T09:27:20.7000976+02:00" level=info msg="Log level set to: info" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7000976+02:00" level=info msg="Starting watch on filesystem directory: certs" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7006232+02:00" level=info msg="Adding validator 'insecure'" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7006232+02:00" level=info msg="Using local file system for trust bundle storage" instance=MY_PC scope=dapr.sentry.ca type=log ver=1.14.4
time="2024-10-21T09:27:20.7011652+02:00" level=info msg="Root and issuer certs found: using existing certs" instance=MY_PC scope=dapr.sentry.ca type=log ver=1.14.4
time="2024-10-21T09:27:20.701671+02:00" level=info msg="CA certificate key pair ready" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7016884+02:00" level=info msg="Using validator 'insecure'" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7016884+02:00" level=info msg="Fetching initial identity certificate" instance=MY_PC scope=dapr.runtime.security type=log ver=1.14.4
time="2024-10-21T09:27:20.7016884+02:00" level=info msg="Security is initialized successfully" instance=MY_PC scope=dapr.runtime.security type=log ver=1.14.4
time="2024-10-21T09:27:20.7016884+02:00" level=info msg="Starting workload cert expiry watcher; current cert expires on: 2025-10-21 07:27:20 +0000 UTC, renewing at 2025-04-21 19:19:50 +0000 UTC" instance=MY_PC scope=dapr.runtime.security type=log ver=1.14.4
time="2024-10-21T09:27:20.7022006+02:00" level=info msg="Healthz server is listening on [::]:8080" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4time="2024-10-21T09:27:20.7022006+02:00" level=info msg="metrics server started on :9090/" instance=MY_PC scope=dapr.sentry type=log ver=1.14.4
time="2024-10-21T09:27:20.7027255+02:00" level=info msg="Running gRPC server on port 50001" instance=MY_PC scope=dapr.sentry.server type=log ver=1.14.4
  1. Run a sidecar app.

In this scenario I have included the ports in the command line but the most of time it is not included for my dummy apps.

dapr run --log-level debug --app-id DummyApp --dapr-http-port 10001 -G 10002 --resources-path .\components\ -- .\DummyApp.exe

Log

Flag --components-path has been deprecated, This flag is deprecated and will be removed in the future releases. Use "resources-path" flag instead
Starting Dapr with id DummyApp. HTTP Port: 10001. gRPC Port: 10002
Checking if Dapr sidecar is listening on HTTP port 10001
Flag --dapr-http-max-request-size has been deprecated, use '--max-body-size 4Mi'
Flag --dapr-http-read-buffer-size has been deprecated, use '--read-buffer-size 4Ki'
time="2024-10-21T10:21:01.0410199+02:00" level=info msg="Starting Dapr Runtime -- version 1.14.4 -- commit 583960dc90120616124b60ad2b7820fc0b3edf44" app_id=DummyApp instance=MY_PC scope=dapr.runtime type=log ver=1.14.4
time="2024-10-21T10:21:01.0410199+02:00" level=info msg="Log level set to: debug" app_id=DummyApp instance=MY_PC scope=dapr.runtime type=log ver=1.14.4
time="2024-10-21T10:21:01.0410199+02:00" level=info msg="Fetching initial identity certificate" app_id=DummyApp instance=MY_PC scope=dapr.runtime.security type=log ver=1.14.4
Dapr sidecar is not listening on HTTP port: dial tcp 127.0.0.1:10001: connectex: No connection could be made because the target machine actively refused it.
Checking if Dapr sidecar is listening on GRPC port 10002
Dapr sidecar is not listening on GRPC port: dial tcp 127.0.0.1:10002: connectex: No connection could be made because the target machine actively refused it.
Dapr sidecar might not be responding.
== APP == Dapr.DaprException: State operation failed: the Dapr endpoint indicated a failure. See InnerException for details.
== APP ==  ---> Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error connecting to subchannel.", DebugException="System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it.")
== APP ==  ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
== APP ==    at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
== APP ==    at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
== APP ==    at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
== APP ==    at Grpc.Net.Client.Balancer.Internal.SocketConnectivitySubchannelTransport.TryConnectAsync(ConnectContext context)
== APP ==    --- End of inner exception stack trace ---
== APP ==    at Grpc.Net.Client.Balancer.Internal.ConnectionManager.PickAsync(PickContext context, Boolean waitForReady, CancellationToken cancellationToken)
== APP ==    at Grpc.Net.Client.Balancer.Internal.BalancerHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
== APP ==    at Grpc.Net.Client.Internal.GrpcCall`2.RunCall(HttpRequestMessage request, Nullable`1 timeout)
== APP ==    at Dapr.Client.DaprClientGrpc.GetBulkStateRawAsync(String storeName, IReadOnlyList`1 keys, Nullable`1 parallelism, IReadOnlyDictionary`2 metadata, CancellationToken cancellationToken)
== APP ==    --- End of inner exception stack trace ---
== APP ==    at Dapr.Client.DaprClientGrpc.GetBulkStateRawAsync(String storeName, IReadOnlyList`1 keys, Nullable`1 parallelism, IReadOnlyDictionary`2 metadata, CancellationToken cancellationToken)
== APP ==    at Dapr.Client.DaprClientGrpc.GetBulkStateAsync(String storeName, IReadOnlyList`1 keys, Nullable`1 parallelism, IReadOnlyDictionary`2 metadata, CancellationToken cancellationToken)
== APP ==    at MyClassForStateManagement.GetStateAsync(List`1 keys)

Release Note

RELEASE NOTE: FIX Dapr cannot connect to Sentry in self-hosted mode.

dapr-bot commented 2 days ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.