'config-ert' error - routing_custom_ca_certificates param

[elric392]

Using release v0.23.4 downloaded from PivNet. Attempting install of PCF v2.1 on vSphere 6.5, running into error during 'config-ert' task on the pipeline.

Not understanding why the error is popping up, as the 'routing_custom_ca_certificates' param is listed as optional in the params.yml. I have not defined it in my params.yml file.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

[nbconklin]

@elric392 What is your configuration params file have for ROUTING_CUSTOM_CA_CERTIFICATES in params file?

Should be set to:

ROUTING_CUSTOM_CA_CERTIFICATES: ""

[elric392]

In the 'params.yml' file .... I left it as the default. routing_custom_ca_certificates:

Which, when processed by Concourse, becomes .... ROUTING_CUSTOM_CA_CERTIFICATES: ""

I did try specifically setting the param to "" .... but it behaved the same.

[nbconklin]

We will look further into how this is happening as this appears to be an issue with configuration that is generated via jq . Have you modified any of the pipeline, tasks, scripts that you downloaded from pivnet?

[nbconklin]

If this line is not present in your file this is what exposes this variable to jq https://github.com/pivotal-cf/pcf-pipelines/blob/master/tasks/config-ert/task.sh#L137

[elric392]

I have not modified the pipeline from what I downloaded from PivNet, other than filling out the params file to pull values from Vault. And the 'routing_custom_ca_certificates' has no value .... so defaults ... "".

[jtarchie]

@elric392, I think theROUTING_CUSTOM_CA_CERTIFICATES might actually be red herring. I wondering if the other params that you have provided are not properly escaped for the bash script that they are used in. This could be cause the jq invocation to not get the correct arguments.

For example, I see that the routing_tls_termination is not properly escaped in quotes. What value do you have for that in your YAML? Obviously that is something we should fix, too.

[elric392]

'routing_tls_termination' is blank in my YAML.

[elric392]

Okay, the 'routing_custom_ca_certificates' was a red herring. The real issue was not defining ....

_routing_tlstermination and _frontend_idletimeout

Neither were defined by default with 'CHANGEME' as most of the 'required' params are ..... I apologize for my confusion.

[jtarchie]

No worries. Glad we could solves your issue. I'm going to close this as resolved! 👍