dkrantsberg opened a new issue #6666: URL: https://github.com/apache/apisix/issues/6666
### Current Behavior I've enabled `openid-connect` plugin on a route but it when making a request to this route causes nginx process to crash (see debug level logs below). I'm running it on Mac M1 (arm64) so this issue could be specific to arm64. It looks like it executes successfully up to this point: https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L567 Then [client.lua](https://github.com/apache/apisix/blob/master/apisix/core/dns/client.lua) and [resolver.lua](https://github.com/apache/apisix/blob/master/apisix/core/resolver.lua) somehow get involved and it results in `nginx` crashing: ``` worker process 48 exited on signal 11 ``` This could be specific to arm64. I haven't tried it with x64. ### Expected Behavior Expected normal oidc flow ### Error Logs 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] radixtree.lua:346: pre_insert_route(): path: /get operator: =, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] init.lua:398: http_access_phase(): matched route: {"orig_modifiedIndex":779,"createdIndex":178,"clean_handlers":"table: 0x1cadece16508","value":{"create_time":1647628837,"id":"5","plugins":{"openid-connect":{"bearer_only":true,"discovery":"https:\/\/auth.my-auth-server.org\/_api\/auth\/mytenant\/.well-known\/openid-configuration","timeout":3,"access_token_in_authorization_header":true,"ssl_verify":false,"set_userinfo_header":true,"set_access_token_header":true,"realm":"apisix","client_id":"mytenant-ui","scope":"openid","client_secret":"9180987f-bc65-6482-9300-812d3719faa6","logout_path":"\/logout","set_id_token_header":true,"introspection_endpoint_auth_method":"client_secret_basic"}},"update_time":1647654404,"uri":"\/get","status":1,"priority":0,"upstream":{"hash_on":"vars","type":"roundrobin","parent":{"orig_modifiedIndex":779,"createdIndex":178,"clean_handlers":{},"value":"table: 0x1cadecfab320","key":"\/apisix\/routes\/5","update_co unt":0,"modifiedIndex":779,"has_domain":true},"scheme":"http","pass_host":"pass","nodes":[{"weight":1,"host":"httpbin.org","port":80}]}},"key":"\/apisix\/routes\/5","update_count":0,"modifiedIndex":779,"has_domain":true}, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [debug] 48#48: *1893 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://auth.my-auth-server.org/_api/auth/mytenant/.well-known/openid-configuration 2022/03/20 16:18:19 [debug] 48#48: *1893 [lua] openidc.lua:571: openidc_discover(): discovery data not in cache, making call to discovery endpoint 2022/03/20 16:18:19 [debug] 48#48: *1893 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] client.lua:126: dns_parse(): dns resolve auth.my-auth-server.org, result: {"name":"auth.my-auth-server.org","class":1,"address":"38.134.56.123","ttl":4502,"section":1,"type":1}, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] resolver.lua:39: parse_domain(): parse addr: {"name":"auth.my-auth-server.org","class":1,"type":1,"section":1,"address":"38.134.56.123","ttl":4502}, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] resolver.lua:40: parse_domain(): resolver: ["127.0.0.11"], client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] resolver.lua:41: parse_domain(): host: auth.my-auth-server.org, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 48#48: *1893 [lua] resolver.lua:43: parse_domain(): dns resolver domain: auth.my-auth-server.org to 38.134.56.123, client: 172.26.0.1, server: _, request: "GET /get HTTP/1.1", host: "localhost:9080" 2022/03/20 16:18:19 [info] 52#52: *1916 [lua] timers.lua:39: run timer[plugin#server-info], context: ngx.timer 2022/03/20 16:18:19 [notice] 1#1: signal 17 (SIGCHLD) received from 48 2022/03/20 16:18:19 [alert] 1#1: worker process 48 exited on signal 11 2022/03/20 16:18:19 [notice] 1#1: start worker process 59 2022/03/20 16:18:19 [notice] 1#1: signal 29 (SIGIO) received 2022/03/20 16:18:19 [notice] 59#59: sched_setaffinity(): using cpu #3 ### Steps to Reproduce 1. Run `docker-compose` with this file: https://github.com/apache/apisix-docker/blob/master/example/docker-compose-arm64.yml 1. Enable `openid-connect` plugin: ``` curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "uri": "/get", "plugins": { "openid-connect": { "client_id": "my-client", "client_secret": "XXXX-XXXX-XXX", "discovery": "https://my-auth-server/myapi/.well-known/openid-configuration";, "access_token_in_authorization_header": true, "bearer_only": true } }, "upstream": { "type": "roundrobin", "nodes": { "httpbin.org:80": 1 } } }' ``` 3. Make a request to the route: ``` curl -i -X GET http://127.0.0.1:9080/get -H "Authorization: Bearer #####token####" curl: (52) Empty reply from server ``` 4. Request results in no reply since nginx crashes ### Environment - Host OS: `macOS 12.2.1` - Docker version: `20.10.13` - APISIX version: `2.12.1` - Operating system: `Linux dc3c486f70f2 5.10.104-linuxkit #1 SMP PREEMPT Wed Mar 9 19:01:25 UTC 2022 aarch64 Linux` - OpenResty / Nginx version: `openresty/1.19.9.1` - etcd version: `3.4.16` - Plugin runner version: not sure how to get it - LuaRocks version: `3.8.0` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
