(IAC-409) Bug - 2021.2 LTS with TLS disabled

[sandeepgrande]

Hi,

we are getting below issue when we are deploying fresh install of viya 2021.2 with TLS= disabled.

"Error: merging from generator &{0xc001bc2240 {sas-certframe-user-config } {{ sas-certframe-user-config merge {[SAS_CERTIFICATE_DURATION=17531h SAS_CERTIFICATE_ADDITIONAL_SAN_DNS= SAS_CERTIFICATE_ADDITIONAL_SAN_IP=] [] []} }}}: id resid.ResId{Gvk:resid.Gvk{Group:\"\", Version:\"v1\", Kind:\"ConfigMap\"}, Name:\"sas-certframe-user-config\", Namespace:\"\"} does not exist; cannot merge or replace"

[thpang]

Looks like sas-certframe-user-config does not know what cadence 2021.2 is. Is that a new LTS for SAS?

[sandeepgrande]

Yes its new LTS for SAS

[thpang]

At that level is there a new generator needed for the sas-certframe-user-config? If so an issue would need to track this on this repo.

[thpang]

Did you follow and add entries based on the docs for viya4-deployment regarding your order and cadence : https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#order

[AWSmith0216]

Stable/2021.1.3 is basically the same as LTS/2021.2. A likely culprit would be that the logic check for the transition to TLS components isn't working. Specifically this line:

https://github.com/sassoftware/viya4-deployment/blob/063be4d3fb6d42cb87dc3cea7b51e508ef376954/roles/vdm/tasks/tls.yaml#L73

[sandeepgrande]

@thpang - yes I added entries as well. V4_CFG_CADENCE_VERSION: 2021.2 V4_CFG_CADENCE_NAME: lts

[thpang]

And you setting this value:

V4_CFG_TLS_MODE = disabled

correct?

[dhoucgitter]

@sandeepgrande, could you share which cloud provider that you created your cluster in? Also, if possible could you share the ansible-vars-iac.yaml file that your edited V4CFG* settings appear in? Also, I'm curious about the attributes related to the particular order you are using. I am in the process of verifying a "V4_CFG_TLS_MODE = disabled" 2021.2 LTS cadence/version that I made to an Azure cluster yesterday. I did not see the error that you indicated getting above so hunting for an explanation as to why.

[sandeepgrande]

@dhoucgitter - we have created the cluster in AWS. I see a different behavior with latest Feb deployment assets. we didn't get below line with latest deployment assets however we had below line in 2021.1 and also with Jan 2021.2 assets ( TLS =disabled).

• site-config/vdm/generators/customer-provided-merge-sas-certframe-configmap.yaml

To resolve issue we had to manually add below line to kustomization.yaml components:

• sas-bases/components/security/core/base/truststores-only

[dhoucgitter]

Thanks, @sandeepgrande

I see a different behavior with latest Feb deployment assets.

Could you be more specific as to which of these behaviors you see with the latest Feb assets and which cadence/version you are specifying with your V4_CFGs when you see those, namely V4_CFG_CADENCE_NAME: lts V4_CFG_CADENCE_VERSION: 2021.2

My primary aim is to refine the error you are seeing while isolating the cadence/version you are seeing it with so that I can re-create the problem if possible, thanks.

[thpang]

Also are you installing into a v1.21 or v1.22 cluster? If you can pass along your tfvars file from your infra along with the ansible vars file you used to baseline and install viya that would be helpful. Thx.

[dhoucgitter]

Hi @sandeepgrande, if you could check out the last two comments and provide us with that information it would help us out in trying to resolve your issue, thanks.

[thpang]

Hi @sandeepgrande please review this issue by EOB today. If you don't respond this issue will be closed. If you find the error happens again, please open another issue.

[sandeepgrande]

@dhoucgitter
Jan assets - issue SASViyaV4_9CKPH7_7_lts_2021.2_20220121.1642803937134_deploymentAssets_2022-01-22T184848.tgz SASViyaV4_9CKPH7_7_lts_2021.2_20220130.1643528434316_deploymentAssets_2022-01-31T190908.tgz Feb Assets - no issue SASViyaV4_9CKPH7_7_lts_2021.2_20220209.1644427518744_deploymentAssets_2022-02-09T174022.tgz

terraform.zip

[dhoucgitter]

@sandeepgrande, just trying to understand if you've seen this issue again with any lts assets later than January and if not, do you still have a concern that there is a problem that needs to be addressed here?

[dhoucgitter]

@sandeepgrande I am closing this issue as the problem does not occur with February assets or later. Please open a new issue if you find that the error happens again, thanks.