microcks / microcks-ansible-operator

Kubernetes Operator for easy setup and management of Microcks installs
https://microcks.io
Apache License 2.0

OLM microcks operator 1.3.0 fails to reconcile existing and new MicrocksInstalls #41

Closed whitfiea closed 3 years ago

whitfiea commented 3 years ago

Microcks operator 1.3.0 on OCP 4.6.34 failed to reconcile a Microcks install that was installed at the 1.2.1 level after the operator was upgraded. The reconcile error is:

An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: microcks-grpc.crt

The Microcks CR spec is:

spec:
  keycloak:
    install: true
    persistent: true
    volumeSize: 1Gi
  microcks:
    replicas: 1
  mongodb:
    install: true
    persistent: true
    volumeSize: 2Gi
  name: mas-iot-microcksinstall
  postman:
    replicas: 1
  version: 1.2.1
status:
  conditions:
    - lastTransitionTime: '2021-07-28T07:58:35Z'
      message: Running reconciliation
      reason: Running
      status: 'False'
      type: Running
    - ansibleResult:
        changed: 0
        completion: '2021-07-28T07:59:16.821622'
        failures: 1
        ok: 27
        skipped: 19
      lastTransitionTime: '2021-07-28T07:59:17Z'
      message: >-
        An unhandled exception occurred while running the lookup plugin 'file'.
        Error was a <class 'ansible.errors.AnsibleError'>, original message:
        could not locate file in lookup: microcks-grpc.crt
      reason: Failed
      status: 'True'
      type: Failure

Also creating a new MicrocksInstall instance using the same updated operator also fails with the same error.

lbroudoux commented 3 years ago

Thanks a lot for opening this issue. Could it be related to #39? I will have a look at it as soon as possible.

whitfiea commented 3 years ago

@lbroudoux yes that looks to be the issue, this is the error you see on the first reconcile when those files are not present:

TASK [The Microks GRPC certs are generated] ********************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["openssl", "req", "-x509", "-nodes", "-days", "3650", "-newkey", "rsa:2048", "-keyout", "microcks-grpc.key", "-out", "microcks-grpc.crt", "-subj", "/CN=mas-core-microcksinstall-microcks.masdeps1-6f1620198115433da1cac8216c06779b-0000.eu-gb.containers.appdomain.cloud", "-extensions", "san", "-config", "microcks-grpc.cnf"], "delta": "0:00:00.085309", "end": "2021-07-28 11:06:48.479105", "msg": "non-zero return code", "rc": 1, "start": "2021-07-28 11:06:48.393796", "stderr": "Generating a RSA private key\n..................................................+++++\n..+++++\nwriting new private key to 'microcks-grpc.key'\n-----\nproblems making Certificate Request\n140114897585984:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:107:maxsize=64", "stderr_lines": ["Generating a RSA private key", "..................................................+++++", "..+++++", "writing new private key to 'microcks-grpc.k...

The following reconcile runs then fail with the

as it doesn't try to rerun the openssl command as it sees the key is already present but there is no generated crt.

It looks like the url is in the subjectAltNames so I guess it just needs the CN to be reduced

lbroudoux commented 3 years ago

Great! Thanks for the analysis. Made a first rapid test and it seems to work just adding a | truncate(64). I did not have such long CN when testing sorry 😉

lbroudoux commented 3 years ago

Marking this one as duplicate and will pursue on original #39.
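
An added example, not part of the thread or the operator's playbook: a shell sketch of the two points discussed above, keeping the CN within the 64-character limit while the full hostname stays in subjectAltName, and treating a key without a certificate as not yet generated. The function names and any hostname passed in are assumptions; the file names and openssl options follow the command shown in the log.

```shell
#!/bin/sh
# Added example; function names and the sample hostname are assumptions.
MAX_CN=64  # X.509 commonName upper bound, reported by openssl as maxsize=64

# Cut a hostname down to at most MAX_CN characters for use as the CN.
safe_cn() { printf '%s' "$1" | cut -c1-"$MAX_CN"; }

# True unless BOTH key and certificate exist and are non-empty, so a key
# left behind by a failed run does not count as "already generated".
needs_cert() {
  [ ! -s "$1/microcks-grpc.key" ] || [ ! -s "$1/microcks-grpc.crt" ]
}

# Self-signed cert: truncated CN, full hostname in subjectAltName.
gen_grpc_cert() {
  dir=$1 host=$2
  needs_cert "$dir" || return 0
  cat > "$dir/microcks-grpc.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[san]
subjectAltName = DNS:$host
EOF
  if ! (cd "$dir" && openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout microcks-grpc.key -out microcks-grpc.crt \
      -subj "/CN=$(safe_cn "$host")" \
      -extensions san -config microcks-grpc.cnf) 2>/dev/null; then
    # Remove partial output so the next run starts clean.
    rm -f "$dir/microcks-grpc.key" "$dir/microcks-grpc.crt"
    return 1
  fi
}

# Usage: gen_grpc_cert /path/to/certdir "$hostname"
```

Clients that validate the gRPC endpoint match on the subjectAltName entry, so the shortened CN does not affect hostname verification.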