Comments (3)
First attempt to scale relay server (2 replicas) with an imported cluster in my local Kind setup. Paralus server got crashed with below error.
{"AccountID":"","PartnerID":"","OrganizationID":"","Username":"","IsSSO":false,"EnforceSession":false,"SessionType":"","SystemUser":false,"RelayNetwork":false}}
panic: uuid: Parse(): invalid UUID length: 0
goroutine 405 [running]:
github.com/google/uuid.MustParse({0x0, 0x0})
/go/pkg/mod/github.com/google/[email protected]/uuid.go:163 +0xb9
github.com/paralus/paralus/pkg/service.(*accountPermissionService).GetAccount(0xc000593388, {0x239ebc0, 0xc0005413b0}, {0x0, 0x0})
/build/pkg/service/account_permission.go:91 +0x33
github.com/paralus/paralus/server.(*auditInfoServer).LookupUser(0xc00049c660, {0x239ebc0, 0xc0005413b0}, 0xc0003dcfc0)
/build/server/audit_info.go:47 +0x367
github.com/paralus/paralus/proto/rpc/sentry._AuditInformationService_LookupUser_Handler({0x1dda6e0, 0xc00049c660}, {0x239ebc0, 0xc0005413b0}, 0xc0000bb080, 0x0)
/build/proto/rpc/sentry/audit_info_grpc.pb.go:91 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0005ee1c0, {0x23d4b70, 0xc000315040}, 0xc0003c5c20, 0xc000aceff0, 0x365f220, 0x0)
/go/pkg/mod/google.golang.org/[email protected]/server.go:1282 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc0005ee1c0, {0x23d4b70, 0xc000315040}, 0xc0003c5c20, 0x0)
/go/pkg/mod/google.golang.org/[email protected]/server.go:1616 +0xa2a
google.golang.org/grpc.(*Server).serveStreams.func1.2()
/go/pkg/mod/google.golang.org/[email protected]/server.go:921 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
/go/pkg/mod/google.golang.org/[email protected]/server.go:919 +0x294
Looks like common name (or entire peer certificate) is missing the request coming to relay server. Auditing handler - https://github.com/paralus/relay/blob/cc8661975750da3f4c6e156d72d8a955d9ccf6cd/pkg/audit/audit.go#L69
from paralus.
Fixing above issue and scaling up relay server cause failure accessing target cluster.
kubectl get pod --kubeconfig [email protected]
E1025 22:24:11.932897 218790 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E1025 22:24:11.934600 218790 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E1025 22:24:11.936381 218790 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E1025 22:24:11.938531 218790 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E1025 22:24:11.940673 218790 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
from paralus.
When no dialin conn key (dialinsni) in dialin pool then we lookup peer cache - https://github.com/paralus/relay/blob/cc8661975750da3f4c6e156d72d8a955d9ccf6cd/pkg/tunnel/server.go#L679
But there is no routine found that is inserting relay peer to peer cache. -
paralus/pkg/sentry/peering/peering.go
Line 49 in cc1a68a
from paralus.
Related Issues (20)
- Not able to spin up the environment using docker-compose HOT 1
- Enabling SSL caused relay-agent registration to fail. HOT 2
- Comma separated Okta groups are considered as Single group by Paralus HOT 3
- Cluster status - heartbeat: Ability to regularly check in on the target cluster status HOT 3
- RW access on ADMIN_READ_ONLY role HOT 5
- Cannot install Paralus when using a managed PostgreSQL database HOT 4
- Problem with golang library in Relay server HOT 4
- Issue while generating user recovery link
- unable to access paralus dashboard HOT 4
- Unable to download cli config for non-admin users HOT 3
- Support SAML authentication
- Adopt a license scanning tool HOT 1
- Add post upgrade db update steps for release v0.2.4
- How to auto register new EKS cluster into paralus dashboard automatically
- revamp initialize module, currenty if permissions are added / modified, redeploying does not consider those HOT 1
- Please provide an ability/Command to register the EKS cluster via CLI
- pctl create user/group not working as expected HOT 1
- Report the use of components with vulnerabilities in paralus HOT 1
- Documentation error @enable ssl setup
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from paralus.