8000 Nil error in authn_k8s/inject_client_cert.rb · Issue #1945 · cyberark/conjur · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Nil error in authn_k8s/inject_client_cert.rb 8000 #1945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 of 3 tasks
hughsaunders opened this issue Nov 18, 2020 · 1 comment
Open
1 of 3 tasks

Nil error in authn_k8s/inject_client_cert.rb #1945

hughsaunders opened this issue Nov 18, 2020 · 1 comment
Labels
component/conjur kind/bug

Comments

@hughsaunders
Copy link
Contributor
hughsaunders commented Nov 18, 2020
edited
Loading

Summary

When kubernetes-conjur-deploy deploys a follower pod in k8s, sometimes it fails to become ready and shows the following in the logs:

<13>1 2020-11-16T23:39:55.435+00:00 conjur-follower-58484f5f6c-t2rjn nginx - - [meta sequenceId="17"] 10.128.0.1 "-" "POST /authn-k8s/openshift%2Fsxa/inject_client_cert HTTP/1.1" 401 5 "-" "Go-http-client/1.1" 0.009 0.009
<14>1 2020-11-16T23:40:00.000+00:00 conjur-follower-58484f5f6c-t2rjn conjur-possum 823 - [meta sequenceId="18"] [origin=10.128.0.1] [request_id=703fbf22-4089-4a38-b7b8-d7ea70fdabac] [tid=7315] Started POST "/authn-k8s/openshift%2Fsxa/inject_client_cert" for 10.128.0.1 at 2020-11-16 23:40:00 +0000
<14>1 2020-11-16T23:40:00.000+00:00 conjur-follower-58484f5f6c-t2rjn conjur-possum 823 - [meta sequenceId="19"] [origin=10.128.0.1] [request_id=703fbf22-4089-4a38-b7b8-d7ea70fdabac] [tid=7315] Processing by AuthenticateController#k8s_inject_client_cert as HTML
<14>1 2020-11-16T23:40:00.000+00:00 conjur-follower-58484f5f6c-t2rjn conjur-possum 823 - [meta sequenceId="20"] [origin=10.128.0.1] [request_id=703fbf22-4089-4a38-b7b8-d7ea70fdabac] [tid=7315]   Parameters: {:controller=>"authenticate", :action=>"k8s_inject_client_cert", :service_id=>"openshift/sxa"}
<14>1 2020-11-16T23:40:00.000+00:00 conjur-follower-58484f5f6c-t2rjn conjur-possum 823 - [meta sequenceId="21"] [origin=10.128.0.1] [request_id=703fbf22-4089-4a38-b7b8-d7ea70fdabac] [tid=7315] Authentication Error: #<NoMethodError: undefined method `id' for nil:NilClass>
<14>1 2020-11-16T23:40:00.000+00:00 conjur-follower-58484f5f6c-t2rjn conjur-possum 823 - [meta sequenceId="22"] [origin=10.128.0.1] [request_id=703fbf22-4089-4a38-b7b8-d7ea70fdabac] [tid=7315] Completed 401 Unauthorized in 5ms

Steps to Reproduce

Steps to reproduce the behavior:

  1. Deploy conjur instance with xa-cluster
  2. Deploy conjur follower instance to openshift with kubernetes-conjur-deploy
  3. Obtain follower pod logs, and see the error shown above.

Expected Results

No nill errors

Actual Results (including error logs, if applicable)

See the logs shown above

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

I have reproduced this multiple times, but the kubernetes-conjur-deploy build still works, so maybe this is a usecase that isn't tested by the pipeline for that repo.

Version/Tag number

Appliance 5.11.0

Environment setup

Conjur in ec2 via xa-cluster, k8s follower in oc 3.11 (Dev account) via kubernetes-conjur-deploy

Additional Information

I have worked around this issue by manually changing host.id to "host.id" on L164 and L177 of app/domain/authentication/authn_k8s/inject_client_cert.rb after deployment. This isn't ideal, but got the environment up and running.

Related

  • conjurinc/ops#692 - The build ticket for the environment where I came across this. Plenty of detail about the envionment in there.
@hughsaunders hughsaunders changed the title nil error in authn_k8s/inject_client_cert.rb Nil error in authn_k8s/inject_client_cert.rb Nov 18, 2020
@izgeri
Copy link
Contributor
izgeri commented Nov 23, 2020

@jonahx can you lend your Ruby expertise to help me understand why quotes around host.id in this file would make a difference to the error @hughsaunders is seeing above?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/conjur kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hughsaunders @izgeri
0