threefoldtecharchive / 0-templates

0-robot templates
Apache License 2.0

traefik generating incorrect certification #315

Open Pishoy opened 5 years ago

Pishoy commented 5 years ago

I am trying to generate a certificate using the reverse proxy template, but it generates an incorrect certification. Steps are below:

1 - connect to local 0-robot and create a reverse proxy service

```python
# Connect to the local 0-robot
robot = j.clients.zrobot.robots.get('local')

# Data for the reverse proxy service
args = {
    'webGateway': 'wg',
    'domain': 'supportu.gird.tf',
    'servers': ['http://10.102.90.219:8085']
}

# Create the reverse proxy service from the template and install it
service = robot.services.create('github.com/threefoldtech/0-templates/reverse_proxy/0.0.1', 'support_gird_tf', data=args)
service.schedule_action('install').wait(die=True)
```

When I check the traefik container, it has a record for support.grid.tf, as in the image below.

When I test the website in a browser, I get an error due to insecure certs and pointing to an incorrect CN (common name), as in the image below.

So it is creating certs with an incorrect CN.

Pishoy commented 5 years ago

I cannot create a new website's certification. When I checked the etcds, I found the errors below:

- in node 10.102.223.147

```
In [32]: f = ncl.containers.get('etcd_0a1a71c4-7262-479a-b501-d4659b94f250')
In [33]: job = f.client.subscribe('etcd.0a1a71c4-7262-479a-b501-d4659b94f250')
In [34]: job.stream()
2019-08-22 11:53:09.386064 I | rafthttp: established a TCP streaming connection with peer 9127694cad515a48 (stream MsgApp v2 writer)
2019-08-22 11:53:09.386268 I | rafthttp: established a TCP streaming connection with peer 9127694cad515a48 (stream MsgApp v2 reader)
2019-08-22 11:53:10.073412 W | rafthttp: health check for peer 9127694cad515a48 could not connect: dial tcp 10.102.90.219:2380: getsockopt: connection refused
2019-08-22 11:55:27.138187 W | etcdserver: read-only range request "key:\"/traefik/frontends/3bot_org/redirect/entrypoint\" " took too long (613.644766ms) to execute
2019-08-22 11:55:40.953096 I | auth: deleting token ZGruEqrYhirbyNIL.203194 for user root
2019-08-22 11:56:00.953109 I | auth: deleting token iEHjiJVimrHuPHmB.203204 for user root
2019-08-22 11:56:00.953144 I | auth: deleting token MUSIUeUKBwLoZWyX.203198 for user root
2019-08-22 11:56:27.357958 W | etcdserver: read-only range request "key:\"/traefik/frontends/euroflow_io/headers/stsincludesubdomains\" " took too long (618.329414ms) to execute
2019-08-22 11:57:27.601244 W | etcdserver: read-only range request "key:\"/traefik/frontends/freeflowtokenS_com/redirect/regex\" " took too long (617.44949ms) to execute
2019-08-22 11:57:36.953109 I | auth: deleting token HugvGLYxcFsrPCeo.203209 for user root
2019-08-22 11:58:27.836626 W | etcdserver: read-only range request "key:\"/traefik/frontends/nbhdigitalcom/redirect/regex\" " took too long (612.281542ms) to execute
```

- in node 3 10.102.26.154

```
In [36]: f = ncl.containers.get('etcd_463c3363-d9c8-407b-b456-80de34c9f5dd')
In [37]: job = f.client.subscribe('etcd.463c3363-d9c8-407b-b456-80de34c9f5dd')
In [38]: job.stream()
2019-08-22 11:53:09.386024 W | rafthttp: closed an existing TCP streaming connection with peer 9127694cad515a48 (stream MsgApp v2 writer)
2019-08-22 11:53:09.386052 I | rafthttp: established a TCP streaming connection with peer 9127694cad515a48 (stream MsgApp v2 writer)
2019-08-22 11:53:09.777258 W | rafthttp: health check for peer 9127694cad515a48 could not connect: dial tcp 10.102.90.219:2380: getsockopt: connection refused
WARNING: 2019/08/22 11:53:35 grpc: Server.processUnaryRPC failed to write status connection error: desc = "transport is closing"
2019-08-22 11:55:40.766742 I | auth: deleting token ZGruEqrYhirbyNIL.203194 for user root
2019-08-22 11:56:00.766720 I | auth: deleting token MUSIUeUKBwLoZWyX.203198 for user root
```
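A small triage helper for etcd output like the logs quoted in the comment above, as an added example that is not part of the original issue or of the 0-templates project: it counts failed peer health checks per peer and records the slowest read-only range request per key. The name `triage` and the sample string are constructed for illustration; the sample lines follow the format of the log above, with the token value replaced by a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the format of the etcd output above (token is a placeholder).
SAMPLE_LOG = r"""
2019-08-22 11:53:09.386064 I | rafthttp: established a TCP streaming connection with peer 9127694cad515a48 (stream MsgApp v2 writer)
2019-08-22 11:53:10.073412 W | rafthttp: health check for peer 9127694cad515a48 could not connect: dial tcp 10.102.90.219:2380: getsockopt: connection refused
2019-08-22 11:55:27.138187 W | etcdserver: read-only range request "key:\"/traefik/frontends/3bot_org/redirect/entrypoint\" " took too long (613.644766ms) to execute
2019-08-22 11:55:40.953096 I | auth: deleting token PLACEHOLDERTOKEN.1 for user root
WARNING: 2019/08/22 11:53:35 grpc: Server.processUnaryRPC failed to write status connection error: desc = "transport is closing"
"""

# "<date> <time> <level> | <package>: <message>"
LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ (?P<lvl>[A-Z]) \| (?P<pkg>\w+): (?P<msg>.*)$')
PEER = re.compile(r'health check for peer (?P<peer>[0-9a-f]+) could not connect: '
                  r'dial tcp (?P<addr>[\d.]+:\d+)')
# Only durations printed in ms or s are handled here.
SLOW = re.compile(r'read-only range request "key:\\"(?P<key>[^\\"]+)\\" " '
                  r'took too long \((?P<dur>[\d.]+)(?P<unit>ms|s)\)')


def triage(text):
    """Summarise warning lines: unreachable peers and slowest read per key."""
    peers, slow, unparsed = Counter(), {}, []
    for raw in text.strip().splitlines():
        m = LINE.match(raw)
        if not m:
            unparsed.append(raw)  # e.g. grpc "WARNING:" lines use another format
            continue
        if m["lvl"] != "W":
            continue  # informational lines are not part of the summary
        p = PEER.search(m["msg"])
        s = SLOW.search(m["msg"])
        if p:
            peers[(p["peer"], p["addr"])] += 1
        elif s:
            ms = float(s["dur"]) * (1000 if s["unit"] == "s" else 1)
            slow[s["key"]] = max(ms, slow.get(s["key"], 0.0))
    return {"unreachable_peers": dict(peers), "slow_reads_ms": slow, "unparsed": unparsed}


if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(section, value)
```

Lines that do not match the etcd format are returned under `unparsed` rather than dropped, so output from other components in the same stream stays visible.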

Pishoy commented 5 years ago