Hi Sebastien,
On 17.03.2020 20:26, Premont-Tendland, Sebastien wrote:
> Hi Krzysztof,
>
> The issue is with the application.properties file you are generating with the
> init container.
>
> In the application.properties file there's a line like this (the password for
> readiness and liveness probe)
>
> security.user.password:
> {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
>
> but after the initContainer the line becomes
>
> security.user.password: {bcrypt}$2a$10/b32/Ys4R1iwSSawFgz7QNu
>
> This is why the pod is never getting ready and the liveness probe just keeps
> killing it.
>
> This is the error from the logs
>
> 2020-03-17 19:23:28,204|||reactor-http-epoll-3||||WARN||||||| Encoded
> password does not look like BCrypt
> 2020-03-17 19:23:28,216|||reactor-http-epoll-3||||ERROR||||||| [20c1a214] 500
> Server Error for HTTP GET "/api/v1/execution-service/health-check"
> org.springframework.security.authentication.BadCredentialsException: Bad
> credentials
> at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:93)
> at
> org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166)
> at
> org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager.authenticate(AuthenticationManager.java:35)
> at
> org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository.load(SecurityContextRepository.java:53)
> at
> org.springframework.security.web.server.context.ReactorContextWebFilter.withSecurityContext(ReactorContextWebFilter.java:51)
> at
> org.springframework.security.web.server.context.ReactorContextWebFilter.lambda$filter$0(ReactorContextWebFilter.java:46)
>
> I'm not sure what is causing the issue but you can check the init container.
Thank you for your valuable help! I should have thought about this...
I know what's happening. It's envsubst command that reads the content of
password and interprets $ as references to environment variable which
should be substituted by this command.
I know how to fix this. I'll send fix in a few minutes.
Thank you so much once again.
>
> Thanks,
> Sebastien
>
> On 2020-03-17, 08:55, "Krzysztof Opasiak" <[email protected]> wrote:
>
> Hi Sebastien,
>
> I've updated the CDS patch:
> https://protect2.fireeye.com/url?k=b4954287-e941feef-b494c9c8-0cc47a3356b2-6da9419097dcf36e&u=https://gerrit.onap.org/r/#/c/oom/+/101287/
>
> I've used init container to workaround lack of a new CDS image.
> Unfortunately it turns out there is sth wrong with CDS but logs are not
> helpful at all. I tried to debug this issue but I failed. From my point
> of view the only thing that changed from application perspective is the
> DB password. Could you please take a look into this patch and help me to
> debug it or check in CDS source code if db password is not hardcoded
> somewhere there?
>
> On 26.02.2020 21:51, Premont-Tendland, Sebastien wrote:
> > Dan,
> >
> > Can you create a docker image with the latest changes from ccsdk/cds
> master branch for OOM changes?
> >
> > Thanks,
> > Sebastien
> >
> > On 2020-02-26, 11:25, "Krzysztof Opasiak" <[email protected]>
> wrote:
> >
> > Hi Sebastien,
> >
> > would it be possible for you guys to release a new CDS docker
> image
> > containing:
> >
> >
> https://protect2.fireeye.com/url?k=721a6add-2fd05f6a-721be192-0cc47a3003e8-e6bf6e360efff2ab&u=https://gerrit.onap.org/r/#/c/ccsdk/cds/+/101857/
> >
> > so that I can go forward with my oom changes?
> >
> > On 18.02.2020 00:13, Premont-Tendland, Sebastien wrote:
> > > Krzysztof,
> > >
> > > Your patch to pass username/password using environment
> variables in application.properties should work properly once this patch is
> merged.
> > >
> > >
> https://protect2.fireeye.com/url?k=1e8bb741-4345b692-1e8a3c0e-000babff317b-018b665488f389eb&u=https://gerrit.onap.org/r/c/ccsdk/cds/+/101857
> > >
> > > Thanks,
> > > Sebastien
> > >
> > > On 2020-02-13, 14:22, "Krzysztof Opasiak"
> <[email protected]> wrote:
> > >
> > >
> > >
> > > On 13.02.2020 20:19, Premont-Tendland, Sebastien wrote:
> > > > Hi Krzysztof,
> > > >
> > > > I discussed internally with the team and we will remove
> the credentials for the processor-db endpoints, it's not needed for CDS to
> work properly. As for the actual cds-db credentials I'll create a story so we
> can look into it. As far as I understand the way you did it should be working
> but we will investigate further on our side. At least we have everything
> already layout from OOM point of view with the work you did already.
> > > >
> > > > We'll be reaching out to you if we need more help
> > >
> > > Awesome! Thank you very much for your help!
> > >
> > > Best regards,
> > > --
> > > Krzysztof Opasiak
> > > Samsung R&D Institute Poland
> > > Samsung Electronics
> > >
> ------------------------------------------------------------------------------
> > > External Email: Please use caution when opening links and
> attachments / Courriel externe: Soyez prudent avec les liens et documents
> joints
> > >
> > >
> >
> > --
> > Krzysztof Opasiak
> > Samsung R&D Institute Poland
> > Samsung Electronics
> >
> ------------------------------------------------------------------------------
> > External Email: Please use caution when opening links and
> attachments / Courriel externe: Soyez prudent avec les liens et documents
> joints
> >
> >
>
> --
> Krzysztof Opasiak
> Samsung R&D Institute Poland
> Samsung Electronics
>
> ------------------------------------------------------------------------------
> External Email: Please use caution when opening links and attachments /
> Courriel externe: Soyez prudent avec les liens et documents joints
>
>
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20286): https://lists.onap.org/g/onap-discuss/message/20286
Mute This Topic: https://lists.onap.org/mt/71034023/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
