调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM

maclarencn commented 2 months ago

Issue Type

Running

Search for existing issues similar to yours

Yes

OS Platform and Distribution

BC linux 8.2

Kuscia Version

0.8.0b0

Deployment

docker

deployment Version

Docker version 24.0.2, build cb74dfc

App Running type

secretflow

App Running version

latest

Configuration file used to run kuscia.

kuscia.yaml在哪里配置？

What happend and What you expected to happen.

# export CTR_CERTS_ROOT=/etc
# curl -k -X POST 'https://172.32.173.1:11080/api/v1/job/query' \
 --header "Token: $(cat ${CTR_CERTS_ROOT}/token)" \
 --header 'Content-Type: application/json' \
 --cert ${CTR_CERTS_ROOT}/kusciaapi-server.crt \
 --key ${CTR_CERTS_ROOT}/kusciaapi-server.key \
 --cacert ${CTR_CERTS_ROOT}/ca.crt \
 -d '{
  "job_id": "job-alice-bob-001"
}'> > > > > > > >
curl: (58) unable to set private key file: '/etc/kusciaapi-server.key' type PEM
究竟该如何操作能够解决此问题？

Kuscia log output.

2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (19.332µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-global] (6.168µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (4.115µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (2.575µs)
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-global/379914
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[service-poll-queue], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (20.106µs)
2024-05-29 15:24:17.672 INFO controller/domain_route.go:356 Update DomainRoute alice/bob-alice revision:429260
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-global] (10.411µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[service-poll-queue], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (17.683µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-poll-queue], key[bob-alice:bob] (16.04µs)
2024-05-29 15:24:17.672 INFO controller/domain_route.go:431 add cluster alice-to-bob name:http protocol:HTTP port:11080
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-fed/379916
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-spu/379919
2024-05-29 15:24:17.672 INFO xds/cluster_config.go:131 Generate tls config for alice-to-bob-http
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (5.064µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (11.56µs)
2024-05-29 15:24:17.672 INFO xds/xds.go:439 Add cluster:alice-to-bob-http
2024-05-29 15:24:17.672 INFO controller/domain_route.go:356 Update DomainRoute alice/alice-bob revision:428890
2024-05-29 15:24:17.676 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-queue], key[alice/bob-alice] (4.496518ms)
2024-05-29 15:24:17.677 INFO xds/xds.go:439 Add cluster:alice-to-bob-http
2024-05-29 15:24:17.678 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-queue], key[alice/alice-bob] (5.858129ms)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525182731-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240528093347] (61.67µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525182731] (30.931µs)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240528093347-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240525182731] (14.925µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525184504] (35.981µs)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525184504-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240525184504] (9.78µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525182731] (9.135µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240528093347] (9.149µs)
2024-05-29 15:24:17.957 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525184504] (8.414µs)
2024-05-29 15:24:17.957 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240528093347] (14.245µs)
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525182731-single-psi" was finished, skipping
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525184504-single-psi" was finished, skipping
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240528093347-single-psi" was finished, skipping
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (30.445µs)
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/bob-alice] (13.882µs)
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[bob-alice] (218.878µs)
2024-05-29 15:24:19.159 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (4.486918ms)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-dp-table] (30.81µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/bob-table] (5.402µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/alice-table] (2.144µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-table] (87.608µs)
2024-05-29 15:24:20.820 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (23.125µs)
2024-05-29 15:24:20.820 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-ab1465f97692a74820fba0f41b2fb6a6] (21.484µs)
2024-05-29 15:24:20.824 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (4.449333ms)

maclarencn commented 2 months ago

maclarencn commented 2 months ago

kusciaapi-server.key内容见comment

maclarencn commented 2 months ago

[root@cm-dssn-node1 secu]# openssl rsa -in kusciaapi-server.key -check RSA key ok writing RSA key -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA6wJ3tI9yuayZB/EvwJp1y36ifg3xIzd/Txvr0woEiXxtSJwC FHH7UQmxoeFofa5p9dokDuIe0iD1vaeU2UNtXb9E8+V5tlLbWzgP8WuigmvkIFQm bMNGbgMT6CoElnJQk7EJ9i9Eo/FYVrBAWXOWyFEnChJBgz0a9XNM1QGy3/BK6zn+ yguHKOOPZYVMFWxiNPaHTXVAWUcBgEawfpegrEHv3YynwstAfo74SPyxDjIOQ9zS SDUxlrD5bkKLPogGpHp9CmtHB5910zucR8HxIG2K+dHnGm1DHFBJGqWfQb+yI3OY oX9rBFVMNFq8/6Cek4+rjxpjQFRC/3M11QBO4wIDAQABAoIBAGciYRg7b9SuO0Zy AUvcPV+9xl/djHqxC0zTaw3lspIHqgoYdQ017F3nDC6HtoyZc2Tyg6qIb5A16MJ/ feJPJfrjSsZiaaSq/hstIkoHu3zTDn1lkKtgk1MKRL05W2QO7O+z3TROECiGbQc2 ODdJc92bR6+yzU9kDKW1IP3FzhNaEKUsHOdQ4Uv3Bq1XKudGUcQa8ZxBGKBHMdu9 1NoKTGTdXgHtIPx9hXCOXnZ2B4GIyghn0PkYgVE4v/pT6AnY80zrqr+C0uPwrm5x WnOQWu+dX/wSVpOAeike+EV07qCpvGfKVd1TcWU/H4vsyisZLecF28OFRNQB343q SS+bnrECgYEA8QsaOjUmwHRLShTtG//XdBP3AffdkmzObWjS8vNKajLANkZU9ACp G+HA7xTMM3INmpXqYs0/kpoBrVZFuJN7bZaUWEUuGUAv1FKDIMFXbAHAQDYhCaZf vzaA5HukVhxyVYPia6OIAmgP33ZcTfAaJRV6mqrJeOUZjx1bxGHWofkCgYEA+ZeF cVPJAjo4xpa+g1uKityfqQQ2uzx3IqQJTnq1e8RbXPAsIblVsGIhq0YTcDM5b2xQ FDOxutl0SD9wBklzUoP2HWhlpdiQtl2Snm0oLUSOewV3SbnPGtWlFVh0T9V79Sdx OXTV9hyJvcjpj28yy/wRf6SVxSFSixVIRdhXbrsCgYA5+OOb8ECbtNyOuq20ODoH Tu3vaT+/AbA8HCPwDpdtJzuXUh8IeEgzzn3qgmQCU4H2FexDSv3pMmUI3WDzXXUo DDktaaYGqKtYM2gaLqXp8hnc16fmfD8269LgIOSLWVgePRPts2z4tzJqGjtk+0Qu exX7sOu3ydH126fAeY93cQKBgQCFPrHbpVobGU/0HMfKQpV8unl19qztWkNTt/TL 89BtKY+I1yMIQfQP/ONyly+LZ51S8aTylAJe+PYOF+fLQ20QcShz3KbfWfUvllbO wwF+4SmbXXioYEzDS6kc8yLs99B8OTlF7izHfca/DcI6c6fPpFsHJKtcGQUDATKb LvrGPwKBgQDt61O1w7Tgl4eeudfnaHASIyl04Hwaq+ldGoDyGe1uAYymqHiJjzC+ Dt2itQpAECrxTd9EVOSZXfSpduDdofdojzU8Rp3lDhyotJblBIePueV2bTU2W+B2 K73QnryggypTWCc7fOmiuIlc1gCH16O3TiDZks4tkYTIGBD8W8d2+w== -----END RSA PRIVATE KEY----- [root@cm-dssn-node1 secu]#

wenkesong-li commented 2 months ago

你好，调用时使用的证书是否从容器内copy出来的，路径是否正确，文件是否有权限

gshilei commented 2 months ago

Hi @maclarencn 麻烦使用以下命令贴下输出结果： ls -lh /etc/kusciaapi* ls -lh /etc/ca.crt ls -lh /etc/token

secretflow / kuscia