openfaas / ofc-bootstrap

Bootstrap OpenFaaS Cloud for your team
https://docs.openfaas.com/openfaas-cloud/intro/
MIT License

Support request #215

Closed codedawi closed 4 years ago

codedawi commented 4 years ago

Failing to authenticate using faas-cli to my DigitalOcean cluster.

Expected Behaviour

Install cloud functions on DigitalOcean.

Current Behaviour

Calling the OpenFaaS server to validate the credentials...
Handling connection for 31111
Cannot connect to OpenFaaS on URL: http://127.0.0.1:31111. Get "http://127.0.0.1:31111/system/functions": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Deploying: github-push.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: buildshiprun.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: github-status.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: pipeline-log.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: list-functions.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: metrics.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: function-logs.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: system-github-event.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: garbage-collect.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: import-secrets.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: audit-event.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: echo.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Deploying: git-tar.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Function 'github-status' failed to deploy with status code: 401
Function 'pipeline-log' failed to deploy with status code: 401
Function 'function-logs' failed to deploy with status code: 401
Function 'system-github-event' failed to deploy with status code: 401
Function 'garbage-collect' failed to deploy with status code: 401
Function 'import-secrets' failed to deploy with status code: 401
Function 'git-tar' failed to deploy with status code: 401
Function 'github-push' failed to deploy with status code: 401
Function 'buildshiprun' failed to deploy with status code: 401
Function 'list-functions' failed to deploy with status code: 401
Function 'metrics' failed to deploy with status code: 401
Function 'audit-event' failed to deploy with status code: 401
Function 'echo' failed to deploy with status code: 401
Fetch templates from repository: https://github.com/openfaas/templates.git at master
Deploying: system-dashboard.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111

unauthorized access, run "faas-cli login" to setup authentication for this server

Function 'system-dashboard' failed to deploy with status code: 401

Steps to Reproduce (for bugs)

  1. ofc-bootstrap create-github-app 
  2. ofc-bootstrap apply --file init.yaml

Context

Your Environment

init.yaml

secrets:
  ### Generated secrets (do not edit)
  - name: basic-auth
    literals:
      - name: basic-auth-user
        value: admin
      - name: basic-auth-password
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "payload-secret"
    literals:
      - name: payload-secret
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "jwt-private-key"
    files:
      - name: "key"
        value_from: "./tmp/key"
        value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./tmp/key"
    filters:
      - "auth"
    namespace: "openfaas"
  - name: "jwt-public-key"
    files:
      - name: "key.pub"
        value_from: "./tmp/key.pub"
        value_command: "openssl ec -in ./tmp/key -pubout -out ./tmp/key.pub"
    filters:
      - "auth"
    namespace: "openfaas"

  ### User-input
  ### In this section, you must populate all your secrets or secret file-locations
  ### and your desired configuration.
  ### For more information see: https://github.com/openfaas/openfaas-cloud/tree/master/docs
  - name: github-webhook-secret
    literals:
    - name: github-webhook-secret
      value: e...
    namespace: openfaas-fn
    filters:
    - scm_github
  - name: private-key
    literals:
    - name: private-key
      value: |
        -----BEGIN RSA PRIVATE KEY-----
        MI...
        -----END RSA PRIVATE KEY-----
    namespace: openfaas-fn
    filters:
    - scm_github
  - name: "of-client-secret"
    literals:
      - name: of-client-secret
        value: "1....."
    filters:
      - "auth"
    namespace: "openfaas"

 # DNS Service Account secret for DNS01 (wildcard) challenge

  ## Use DigitalOcean
  ### Create a Personal Access Token and save it into a file, with no new-lines
  - name: "digitalocean-dns"
    literals:
      - name: "access-token"
        value: "4......"
    filters:
      - "do_dns01"
    namespace: "cert-manager"

  # Used by Buildkit to push images to your registry
  - name: "registry-secret"
    files:
      - name: "config.json"
        value_from: "./credentials/config.json"
    filters:
      - "default"
    namespace: "openfaas"

  # Used to pull functions / images to nodes by Kubernetes
  - name: "registry-pull-secret"
    files:
      - name: ".dockerconfigjson"
        value_from: "./credentials/config.json"
    namespace: "openfaas-fn"
    filters:
      - "default"
    type: "kubernetes.io/dockerconfigjson"

## If not using a HTTPS URL, then set a list of CUSTOMERS
## To use this set "value_from" to a real file path, and put in a list (each item on a new line) of usernames, without other whitespace
  - name: "of-customers"
    files:
      - name: "of-customers"
        value_from: "/Users/codedawi/go/src/github.com/openfaas-incubator/ofc-bootstrap/CUSTOMERS"
    namespace: "openfaas"
    filters:
      - "default"
  - name: "customers"
    files:
      - name: "customers"
        value_from: "/Users/codedawi/go/src/github.com/openfaas-incubator/ofc-bootstrap/CUSTOMERS"
    namespace: "openfaas-fn"
    filters:
      - "default"

### Docker registry
#### This can be any cluster accessible by your cluster. To populate the file
#### run `docker login` with "store in keychain" turned off in Docker Desktop.
#### This can also be your private registry
#### Format: registry/username/ - i.e. replace ofctest with your login

registry: docker.io/codedawi/

### Use a secret instead of a publicly accessible URL for the ACL
### of valid users.
customers_secret: false

### Your root DNS domain name, this can be a sub-domain i.e. staging.o6s.io / prod.o6s.io
root_domain: "staging.codedawi.com"

## Ingress into OpenFaaS Cloud

### Keep active if using a cluster with a LoadBalancer available.
ingress: loadbalancer

### Uncomment if using on-premises or a host/cloud without a loadbalancer
# ingress: host

## Define the custom templates available for your users
### If needed edit the git-tar Deployment after running the tool
deployment:
  custom_templates:
    - "https://github.com/openfaas-incubator/golang-http-template.git"
    - "https://github.com/openfaas-incubator/node10-express-template.git"
    - "https://github.com/openfaas-incubator/python-flask-template.git"
    - "https://github.com/openfaas-incubator/ruby-http"

## Source Control Management
### Pick either github or gitlab
scm: github
# scm: gitlab

## Populate from GitHub App
github:
  app_id: "70659"

## Enable auth:
### When enabled users must log in with a valid GitHub account and be present in the
### customers file to view any dashboard
enable_oauth: true

## Populate from OAuth App
oauth:
  client_id: Iv1.aa3f5a0df95ba477

  ## For GitLab put your OAuth provider base URL
  # oauth_provider_base_url: "https://gitlab.o6s.io"

  ## For GitHub leave blank
  oauth_provider_base_url: ""

## Slack
### You can set your own url to get an audit trail in your Slack workspace
### You can edit this after deployment if needed in the audit function
# slack:
#   url: http://gateway.openfaas:8080/function/echo

### Users allowed to access your OpenFaaS Cloud
#### ACL for your users, it must be a raw text file or GitHub RAW URL
#### At time of writing this _must_ be a public repo URL
customers_url: "https://raw.githubusercontent.com/codedawi/faas/master/CUSTOMERS"

##  S3 configuration
### Build logs from buildkit are stored in S3
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible
s3:
  s3_url: cloud-minio.openfaas.svc.cluster.local:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline

## TLS
tls: true
tls_config:
  # issuer_type: "prod"
  issuer_type: "staging"
  email: "brett@codedawi.com"

  ## Select DNS web service between Amazon Route 53 (route53) and Google Cloud DNS (clouddns)
  # by uncommenting the required option

  ### DigitalOcean
  dns_service: digitalocean

  ### Google Cloud DNS
  # dns_service: clouddns
  # project_id: "my-openfaas-cloud"

  ### AWS Route53
  # dns_service: route53
  # region: us-east-1
  # access_key_id: ASYAKIUJE8AYRQQ7DU3M

  ### Cloudflare
  # dns_service: cloudflare

## Dockerfile language support
### Use with caution, it allows any workload to be built and run
enable_dockerfile_lang: false

## Set to true to enable scaling to zero
### When enabled, all functions are included by default, to turn off add a label
### of com.openfaas.scale.zero: "false"
scale_to_zero: false

## Enable network policies
### Prevents functions from talking to the openfaas namespace, and to each other.
### Use the ingress address for the gateway or the external IP instead.
network_policies: false

## Branch that OpenFaaS Cloud will build and deploy
## You should change this if you want a different branch to be built and deployed instead of master
build_branch: master

## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/
openfaas_cloud_version: 0.13.10

## This setting, if true, will install the openfaas ingress-operator
enable_ingress_operator: false

alexellis commented 4 years ago

/set title: Support request

alexellis commented 4 years ago

Hi, thanks for your interest in the project. We deliver user support via Slack and not via GitHub issues.

For that reason let's get this closed, and move across if you need further help?

I would also suggest that if you've re-run ofc-bootstrap against the same cluster more than once, you delete the cluster or pick a new one to run against. ofc-bootstrap offers no guarantees about being re-runnable, and the error you posted is likely to happen if you have leftover processes or port-forwardings.

Alex
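
An added example for triaging the output quoted in this issue (not part of the thread, and not ofc-bootstrap or faas-cli code): it separates the credential-validation step, which timed out, from the deploys, which the gateway answered with 401. The `triage` and `diagnose` names, the diagnosis labels and the shortened sample log are assumptions made for the example.

```python
import re

# Constructed sample: a shortened copy of the faas-cli output quoted in the issue.
SAMPLE = '''Calling the OpenFaaS server to validate the credentials...
Handling connection for 31111
Cannot connect to OpenFaaS on URL: http://127.0.0.1:31111. Get "http://127.0.0.1:31111/system/functions": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Deploying: github-push.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111
unauthorized access, run "faas-cli login" to setup authentication for this server
Deploying: echo.
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Handling connection for 31111
unauthorized access, run "faas-cli login" to setup authentication for this server
Function 'github-push' failed to deploy with status code: 401
Function 'echo' failed to deploy with status code: 401
'''

def triage(log):
    """Separate the credential check from the per-function deploy results."""
    r = {"login_ok": None, "login_error": None, "plain_http": 0, "failed": {}}
    for line in log.splitlines():
        if line.startswith("Calling the OpenFaaS server to validate"):
            r["login_ok"] = True  # stays True unless a connect error follows
        elif line.startswith("Cannot connect to OpenFaaS on URL:"):
            r["login_ok"] = False
            r["login_error"] = ("timeout" if "context deadline exceeded" in line
                                else "connect")
        elif line.startswith("WARNING! Communication is not secure"):
            r["plain_http"] += 1  # basic-auth header sent over plain HTTP
        elif m := re.match(r"Function '([^']+)' failed to deploy with status code: (\d+)", line):
            r["failed"][m.group(1)] = int(m.group(2))
    return r

def diagnose(r):
    """Map the triage result to the first thing to check (added heuristics)."""
    codes = set(r["failed"].values())
    if r["login_ok"] is False and codes == {401}:
        # The gateway answered the deploys (401) but not the login check, so the
        # deploys most likely ran without credentials accepted by this gateway.
        return "login-not-validated"
    if codes == {401}:
        return "credentials-rejected"
    return "deploy-errors" if r["failed"] else "ok"

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```

A `login-not-validated` result fits the leftover port-forward or timing explanations given in the thread: the listener on 31111 accepted connections, but the login check did not get a response in time.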

alexellis commented 4 years ago

/msg: slack

derek[bot] commented 4 years ago

-- Join Slack to connect with the community https://docs.openfaas.com/community

codedawi commented 4 years ago

Okay, thank you, my apologies.

alexellis commented 4 years ago

From looking at your error it looks like an environmental issue from re-running the bootstrap > 1 time, or something else like a timing issue. You can try destroying the cluster and re-running. We'll see you on Slack, let us know how far you got?

codedawi commented 4 years ago

Definitely could be the issue, I was trying a few different things with a handful of clusters (both managed and local). I am probably going to have time tonight to mess around. Also, I submitted my request to join the Slack. Thanks again for your responsiveness and help thus far. Cheers.