Invalid JWT token: signature is invalid

antonkad commented 5 years ago

Hello,

I tried installing gluster-kubernetes on a fresh kubernetes cluster (installed with kubespray). Followed the pages of documentation and the videos but I cannot install simply by using the command:

'./gk-deploy -g typology.json'.

Since 20 days It is mandatory to give some jwt token to heteki. But I cannot find any information on how to retrieve those keys.

So I tried the command:

the command: ./gk-deploy -g --admin-key <random_pass> --user_key <random_pass> typology.json

But I'm getting this error:

I saw your contact informations and got to the kubernetes slack, after explaining one of you asked me to create an issue in here.

Regards

Edit 1:

### Topology.json

{ "clusters": [ { "nodes": [ { "node": { "hostnames": { "manage": [ "xxxxxxxxxxxxxx" ], "storage": [ "xxxxxxxxxxxx" ] }, "zone": 1 }, "devices": [ "/dev/mapper/datavg-lv_data" ] }, { "node": { "hostnames": { "manage": [ "xxxxxxxxxxxxxx" ], "storage": [ "xxxxxxxxxxx" ] }, "zone": 1 }, "devices": [ "/dev/mapper/datavg-lv_data" ] } ] } ]

Logs

`Using Kubernetes CLI.

Checking status of namespace matching 'default': default Active 2d20h Using namespace "default". Checking for pre-existing resources... GlusterFS pods ... Checking status of pods matching '--selector=glusterfs=pod': glusterfs-7pc6m 1/1 Running 0 44h glusterfs-q779m 1/1 Running 0 44h found. deploy-heketi pod ... Checking status of pods matching '--selector=deploy-heketi=pod': deploy-heketi-7f7b484967-srp2t 1/1 Running 0 44h found. heketi pod ... Checking status of pods matching '--selector=heketi=pod':

Timed out waiting for pods matching '--selector=heketi=pod'. not found. gluster-s3 pod ... Checking status of pods matching '--selector=glusterfs=s3-pod':

Timed out waiting for pods matching '--selector=glusterfs=s3-pod'. not found. Creating initial resources ... /usr/local/bin/kubectl -n default create -f /root/gluster-kubernetes/deploy/kube-templates/heketi-service-account.yaml 2>&1 /usr/local/bin/kubectl -n default create -f /root/gluster-kubernetes/deploy/kube-templates/heketi-service-account.yaml 2>&1 Error from server (AlreadyExists): error when creating "/root/gluster-kubernetes/deploy/kube-templates/heketi-service-account.yaml": serviceaccounts "heketi-service-account" already exists /usr/local/bin/kubectl -n default create clusterrolebinding heketi-sa-view --clusterrole=edit --serviceaccount=default:heketi-service-account 2>&1 /usr/local/bin/kubectl -n default create clusterrolebinding heketi-sa-view --clusterrole=edit --serviceaccount=default:heketi-service-account 2>&1 Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "heketi-sa-view" already exists /usr/local/bin/kubectl -n default label --overwrite clusterrolebinding heketi-sa-view glusterfs=heketi-sa-view heketi=sa-view /usr/local/bin/kubectl -n default label --overwrite clusterrolebinding heketi-sa-view glusterfs=heketi-sa-view heketi=sa-view clusterrolebinding.rbac.authorization.k8s.io/heketi-sa-view not labeled OK Determining heketi service URL ... OK /usr/local/bin/kubectl -n default exec -i deploy-heketi-7f7b484967-srp2t -- heketi-cli -s http://localhost:8080 --user admin --secret 'aaaarRR' topology load --json=/etc/heketi/topology.json 2>&1 /usr/local/bin/kubectl -n default exec -i deploy-heketi-7f7b484967-srp2t -- heketi-cli -s http://localhost:8080 --user admin --secret 'aaaarRR' topology load --json=/etc/heketi/topology.json 2>&1 Error: Unable to get topology information: Invalid JWT token: signature is invalid (client and server secrets may not match) command terminated with exit code 255 Error loading the cluster topology. Please check the failed node or device and rerun this script.`

Don't take into account that the pods already exists
For the purpose of demonstration we've change the password, but still when we tried numerous time , we use the same command.
We also have to deleted the remaining pods, secrets and services deployed by the gk-deploy in the default namespaces. Then tried again.

Other that the errors about the pods being already created, the major that we have is this one:

Error: Unable to get topology information: Invalid JWT token: signature is invalid (client and server secrets may not match)

humblec commented 5 years ago

@raghavendra-talur can you please help here as we made key a mandatory parameter with our last commit? @phlogistonjohn @jarrpa too .

phlogistonjohn commented 5 years ago

First, I find the screenshot very difficult to read. Next time please copy and paste the text itself. Next, did you attempt to deploy more than once? If so the 2nd attempt may not have changed the configured values for an existing resource. Last, while you are not getting a time specific error it may be good to ensure that clocks of all your nodes and the system where you are running gk-deploy are in sync.

antonkad commented 4 years ago

I have updated the issue, we have verified, the servers are well clocked and synced with the same NTP server.

Now can you respond to my question I've asked many times, but no one has responded. can you be more specific on wath does the gk-deploy needs to have as argurements:

Wath are the admin_key and user_key ? Are they JWT token I'm supposed to retrieve from somewhere else ? Are they random passwords I have to generate ? No documentations gives any informations about that

zlosim commented 4 years ago

did anybody found solution for this?

DineshC001 commented 4 years ago

I am also looking for a solution to this problem. Anyone?

DineshC001 commented 4 years ago

The cluster was working without any issues earlier. Suddenly I could not longer run heketi commands: heketi-cli -s http://localhost:8080 --user admin --secret '' node list Error: Invalid JWT token: signature is invalid (client and server secrets may not match)

I tried to rebuild the cluster and now fails with the below error when I run the the script: gk-deploy -gvy -n glusterfs topology.json

"/usr/local/bin/kubectl -n glusterfs exec -i deploy-heketi-654c87b864-8kfl6 -- heketi-cli -s http://localhost:8080 --user admin --secret '' topology load --json=/etc/heketi/topology.json 2>&1", "Error: Unable to get topology information: Invalid JWT token: signature is invalid (client and server secrets may not match)", "command terminated with exit code 255", "Error loading the cluster topology.", "Please check the failed node or device and rerun this script.

pavelzamyatin commented 4 years ago

Hey everyone. In my case, it helped to download the latest version of gk-deploy.sh script and specify --admin-key=${ADMIN-KEY} --user-key=${USER-KEY} arguments. Then I was able to finish the process.

sfgroups-k8s commented 4 years ago

I am also started getting this error message. any fix for this?

heketi-cli topology info

Error: Invalid JWT token: Token missing iss claim

xom4ek commented 4 years ago

I am also started getting this error message. any fix for this?

heketi-cli topology info

Error: Invalid JWT token: Token missing iss claim

You just need set env params user and key

export HEKETI_CLI_USER=admin
export HEKETI_CLI_KEY=password
heketi-cli topology info
Cluster Id: 1322d4b64ad27d6f2c4c47a3bbdd1b14...

unset HEKETI_CLI_USER HEKETI_CLI_KEY
heketi-cli topology info
Error: Invalid JWT token: Token missing iss claim

gluster / gluster-kubernetes

Invalid JWT token: signature is invalid #607