TASK [dare.common.microk8s : read in given tls.crt to variable] now fails for monolithic deployment #117

Open
mikej888 opened this issue Oct 19, 2023 · 1 comment

Comments

@mikej888
Collaborator

Running monolithic_mk8s_example/1-vm-setup-and-deploy.yaml (originally from DARE-SeRP-Dev-Deployment Version: 43f688f (Thu Sep 14 17:15:42 2023 +0100) main branch) now fails with the current dare.common collection.

$ ansible-galaxy install -r requirements.yaml 
Cloning into '/home/ubuntu/.ansible/tmp/ansible-local-103006_rp_t2rm/tmp94xn4jbl/DARE-Teleportcgtcu3jt'...
...
dare.common:1.1.0 was installed successfully
$ ansible-playbook -i inventories/eidf-tre-teleport.yaml 1-vm-setup-and-deploy-epcc.yaml -v
...
TASK [dare.common.microk8s : read in given tls.crt to variable] ****************
fatal: [single_host]: FAILED! => {"msg": "The 'file' lookup had an issue accessing the file ''. an error occurred while trying to read the file '/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files/': [Errno 21] Is a directory: b'/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files'. [Errno 21] Is a directory: b'/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files'"}

PLAY RECAP *********************************************************************
single_host                : ok=16   changed=9    unreachable=0    failed=1    skipped=6    rescued=0    ignored=0   

The dare.common version I'd used up to now just predated commit 0df324f, Tue Oct 3 11:52:38 2023 +0100 fix(prom-stack): use server side apply for argo due to bundle size (#95).

From the commits after that it seems the problem is due to changes at commit f35d8f5, Wed Oct 11 12:53:06 2023 +0100 feat(mk8s): configure cert-manager with clusterIssuer as part of microk8s installation (#100).

@mikej888
Collaborator Author

It looked like the playbook now needs to provide values for cert_manager_tls_cert_file and cert_manager_tls_key_file.

I created a self-signed private key and public certificate with 1 year validity:

$ openssl req -x509 -newkey rsa:4096 -keyout teleport-key.pem -out teleport-cert.pem \
  -sha256 -days 365 -nodes \
  -subj "/C=UK/ST=Scotland/L=Edinburgh/O=UniversityOfEdinburgh/OU=EPCC/CN=teleport"

I updated 1-vm-setup-and-deploy.yaml:

    ##############################
    #### dare.common.microk8s ####
    ##############################

    # plugins to enable for microk8s
    microk8s_plugins:
      dns: true
      ingress: true
      cert-manager: true
      hostpath-storage: true
...
+    cert_manager_tls_cert_file: "teleport-cert.pem"
+    cert_manager_tls_key_file: "teleport-key.pem"
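
Review bot: the two added values, "teleport-cert.pem" and "teleport-key.pem", are bare relative names, and the failure earlier in this issue shows the file lookup resolving an empty name against the role's own roles/microk8s/files/ directory, so which file is read depends on the lookup search path rather than on anything stated here. Consider an explicit path such as "{{ playbook_dir }}/teleport-cert.pem", or a comment saying where the two files must live. The key was generated with -nodes, so teleport-key.pem is an unencrypted private key: keep it out of the repository that holds the playbook, or store it with ansible-vault.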

Reran playbook:

$ ansible-playbook -i inventories/eidf-tre-teleport.yaml 1-vm-setup-and-deploy.yaml -v
...
PLAY RECAP *********************************************************************
single_host                : ok=115  changed=49   unreachable=0    failed=0    skipped=44   rescued=0    ignored=1   

Is creating the certificate and keys in this way what was required? Thanks!
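
A pre-flight check for the two files the playbook now has to supply, added here as an example; it is not part of the issue thread or of the dare.common collection. It catches the empty-value and directory cases behind the original error, then confirms the certificate parses, is not about to expire, matches the private key, and that the key is readable by its owner only. The function names, return codes and the 30-day default are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the files named by cert_manager_tls_cert_file
# and cert_manager_tls_key_file. Function names and return codes are assumptions.
# Usage: check_tls_pair teleport-cert.pem teleport-key.pem [min_days_valid]

# 0 ok, 2 empty value, 3 directory, 4 missing or unreadable, 5 empty file
check_tls_file() {
  [ -n "$1" ] || return 2    # unset variable: the '' lookup in the error above
  [ ! -d "$1" ] || return 3  # "[Errno 21] Is a directory"
  [ -r "$1" ] || return 4
  [ -s "$1" ] || return 5
  return 0
}

# SHA-256 over the DER-encoded public key, taken from a certificate or a private key
cert_pubkey_digest() {
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}
key_pubkey_digest() {
  # -passin pass: stops openssl prompting if the key turns out to be encrypted
  openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 ok, 2-5 as above, 6 cert unparsable or expiring, 7 key mismatch, 8 key readable by others
check_tls_pair() {
  local cert="$1" key="$2" min_days="${3:-30}"
  check_tls_file "$cert" || return $?
  check_tls_file "$key" || return $?
  # certificate must parse and stay valid for at least min_days more days
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 || return 6
  # the public key inside the certificate must be the one derived from the private key
  [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ] || return 7
  # a key written with -nodes is unencrypted: no group or other permission bits
  case "$(ls -ld "$key")" in
    -???------*) ;;
    *) return 8 ;;
  esac
  return 0
}
```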
