[Platform] Universe fails to create if user-supplied certificate is selected #4733

Closed
ajcaldera1 opened this issue Jun 10, 2020 · 0 comments

When creating a universe with YSQL enabled, node-to-node encryption, and node-to-client encryption enabled, and passing a pre-uploaded certificate that had been previously uploaded to Yugaware via the Certificates menu, it fails with the following log message:

Failed to execute task java.util.concurrent.FutureTask@3d8f859e, hit error java.lang.RuntimeException: 2020-06-10 15:24:07,363 INFO: Found gcp cloud credentials in env.
2020-06-10 15:24:08,367 INFO: URL being requested: GET https://compute.googleapis.com/compute/beta/projects/yugabyte/aggregated/instances?filter=%28status+eq+RUNNING%29+%28name+eq+yb-1-ac-ysql-tls-test-2-n3%29&alt=json&maxResults=1
2020-06-10 15:24:08,367 INFO: Attempting refresh to obtain initial access_token
2020-06-10 15:24:08,386 INFO: Refreshing access_token
2020-06-10 15:24:08,737 INFO: Copying package from local '/opt/yugabyte/releases/2.1.8.0-b2/yugabyte-2.1.8.0-b2-centos-x86_64.tar.gz' to remote '/tmp/yugabyte-2.1.8.0-b2-centos-x86_64.tar.gz'
2020-06-10 15:24:23,507 INFO: Configuring Instance: yb-1-ac-ysql-tls-test-2-n3
2020-06-10 15:24:23,507 INFO: Creating and copying over client TLS certificate
2020-06-10 15:24:23,875 INFO: Connected (version 2.0, client OpenSSH_7.4)
2020-06-10 15:24:24,164 INFO: Authentication (publickey) successful!
2020-06-10 15:24:24,820 INFO: [chan 2] Opened sftp connection (server version 3)
Traceback (most recent call last):
  File "/opt/yugabyte/devops/python_virtual_env/bin/ybcloud.py", line 4, in <module>
    __import__('pkg_resources').run_script('ybops==0.4', 'ybcloud.py')
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/pkg_resources/__init__.py", line 666, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1462, in run_script
    exec(code, namespace, namespace)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/EGG-INFO/scripts/ybcloud.py", line 15, in <module>
    YbCloud().run()
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/ybops/cloud/ybcloud.py", line 54, in run
    self.options.func(self.options)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/ybops/cloud/common/method.py", line 76, in callback_wrapper
    self.callback(args)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/ybops/cloud/common/method.py", line 581, in callback
    self.cloud.generate_client_cert(self.extra_vars, ssh_options)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/ybops/cloud/common/cloud.py", line 253, in generate_client_cert
    'yugabytedb.crt'))
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/ybops-0.4-py2.7.egg/ybops/utils/remote_shell.py", line 46, in put_file
    return self.ssh_conn.put(local_path, remote_path)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/fabric/connection.py", line 648, in put
    return Transfer(self).put(*args, **kwargs)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/fabric/transfer.py", line 225, in put
    sftp.put(localpath=local, remotepath=remote)
  File "/opt/yugabyte/devops/python_virtual_env/lib/python2.7/site-packages/paramiko/sftp_client.py", line 757, in put
    file_size = os.stat(localpath).st_size
OSError: [Errno 2] No such file or directory: '/opt/yugabyte/yugaware/data/certs/d33a1fc7-5d95-483c-a8c9-77323390ad86/831c07a5-2b8e-420e-9e21-70db343dbc69/yugabytedb.crt'.

If I examine the contents of that directory in the yugaware container, I see:

bash-4.4# pwd
/opt/yugabyte/yugaware/data/certs/d33a1fc7-5d95-483c-a8c9-77323390ad86/831c07a5-2b8e-420e-9e21-70db343dbc69
bash-4.4# ls -ltr
total 8
-rw-r--r--    1 root     root          1277 Jun 10 15:08 ca.root.crt
-rw-r--r--    1 root     root          1675 Jun 10 15:08 ca.key.pem

ajcaldera1 added the area/platform Yugabyte Platform label Jun 10, 2020
ajcaldera1 added this to the v2.2 milestone Jun 10, 2020
Arnav15 assigned Arnav15 and unassigned WesleyW and ramkumarvs Jun 16, 2020

Arnav15 added a commit that referenced this issue Jul 1, 2020
Summary:
Our current code did not create client certs for user provided certs, causing universe
creation to fail due to lack of the client cert files.

Test Plan:
Created a universe with a user provided cert and verified that it worked as expected.
Also added unit tests.

Reviewers: sanketh, ram, daniel

Reviewed By: ram, daniel

Subscribers: jenkins-bot, daniel, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D8691

Arnav15 added a commit that referenced this issue Jul 6, 2020
Summary:
Our current code did not create client certs for user provided certs, causing universe
creation to fail due to lack of the client cert files.

Test Plan:
Created a universe with a user provided cert and verified that it worked as expected.
Also added unit tests.

Reviewers: sanketh, ram, daniel

Reviewed By: daniel

Subscribers: yugaware, daniel, jenkins-bot

Differential Revision: https://phabricator.dev.yugabyte.com/D8817

deeps1991 pushed a commit to deeps1991/yugabyte-db that referenced this issue Jul 22, 2020
Summary:
Our current code did not create client certs for user provided certs, causing universe
creation to fail due to lack of the client cert files.

Test Plan:
Created a universe with a user provided cert and verified that it worked as expected.
Also added unit tests.

Reviewers: sanketh, ram, daniel

Reviewed By: ram, daniel

Subscribers: jenkins-bot, daniel, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D8691