Hi Krzysztof,
The issue is with the application.properties file you are generating with the
init container.
In the application.properties file there's a line like this (the password for
readiness and liveness probe)
security.user.password:
{bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
but after the initContainer the line becomes
security.user.password: {bcrypt}$2a$10/b32/Ys4R1iwSSawFgz7QNu
This is why the pod is never getting ready and the liveness probe just keeps
killing it.
This is the error from the logs
2020-03-17 19:23:28,204|||reactor-http-epoll-3||||WARN||||||| Encoded password
does not look like BCrypt
2020-03-17 19:23:28,216|||reactor-http-epoll-3||||ERROR||||||| [20c1a214] 500
Server Error for HTTP GET "/api/v1/execution-service/health-check"
org.springframework.security.authentication.BadCredentialsException: Bad
credentials
at
org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:93)
at
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166)
at
org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager.authenticate(AuthenticationManager.java:35)
at
org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository.load(SecurityContextRepository.java:53)
at
org.springframework.security.web.server.context.ReactorContextWebFilter.withSecurityContext(ReactorContextWebFilter.java:51)
at
org.springframework.security.web.server.context.ReactorContextWebFilter.lambda$filter$0(ReactorContextWebFilter.java:46)
I'm not sure what is causing the issue but you can check the init container.
Thanks,
Sebastien
On 2020-03-17, 08:55, "Krzysztof Opasiak" <[email protected]> wrote:
Hi Sebastien,
I've updated the CDS patch: https://gerrit.onap.org/r/#/c/oom/+/101287/
I've used init container to workaround lack of a new CDS image.
Unfortunately it turns out there is sth wrong with CDS but logs are not
helpful at all. I tried to debug this issue but I failed. From my point
of view the only thing that changed from application perspective is the
DB password. Could you please take a look into this patch and help me to
debug it or check in CDS source code if db password is not hardcoded
somewhere there?
On 26.02.2020 21:51, Premont-Tendland, Sebastien wrote:
> Dan,
>
> Can you create a docker image with the latest changes from ccsdk/cds
master branch for OOM changes?
>
> Thanks,
> Sebastien
>
> On 2020-02-26, 11:25, "Krzysztof Opasiak" <[email protected]> wrote:
>
> Hi Sebastien,
>
> would it be possible for you guys to release a new CDS docker image
> containing:
>
>
https://protect2.fireeye.com/url?k=721a6add-2fd05f6a-721be192-0cc47a3003e8-e6bf6e360efff2ab&u=https://gerrit.onap.org/r/#/c/ccsdk/cds/+/101857/
>
> so that I can go forward with my oom changes?
>
> On 18.02.2020 00:13, Premont-Tendland, Sebastien wrote:
> > Krzysztof,
> >
> > Your patch to pass username/password using environment variables
in application.properties should work properly once this patch is merged.
> >
> >
https://protect2.fireeye.com/url?k=1e8bb741-4345b692-1e8a3c0e-000babff317b-018b665488f389eb&u=https://gerrit.onap.org/r/c/ccsdk/cds/+/101857
> >
> > Thanks,
> > Sebastien
> >
> > On 2020-02-13, 14:22, "Krzysztof Opasiak" <[email protected]>
wrote:
> >
> >
> >
> > On 13.02.2020 20:19, Premont-Tendland, Sebastien wrote:
> > > Hi Krzysztof,
> > >
> > > I discussed internally with the team and we will remove the
credentials for the processor-db endpoints, it's not needed for CDS to work
properly. As for the actual cds-db credentials I'll create a story so we can
look into it. As far as I understand the way you did it should be working but
we will investigate further on our side. At least we have everything already
layout from OOM point of view with the work you did already.
> > >
> > > We'll be reaching out to you if we need more help
> >
> > Awesome! Thank you very much for your help!
> >
> > Best regards,
> > --
> > Krzysztof Opasiak
> > Samsung R&D Institute Poland
> > Samsung Electronics
> >
------------------------------------------------------------------------------
> > External Email: Please use caution when opening links and
attachments / Courriel externe: Soyez prudent avec les liens et documents joints
> >
> >
>
> --
> Krzysztof Opasiak
> Samsung R&D Institute Poland
> Samsung Electronics
>
------------------------------------------------------------------------------
> External Email: Please use caution when opening links and
attachments / Courriel externe: Soyez prudent avec les liens et documents joints
>
>
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics
------------------------------------------------------------------------------
External Email: Please use caution when opening links and attachments /
Courriel externe: Soyez prudent avec les liens et documents joints
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20285): https://lists.onap.org/g/onap-discuss/message/20285
Mute This Topic: https://lists.onap.org/mt/71034023/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
