ryan
August 11, 2023, 3:03pm
1
Hi again
I have deployed the partner-onboarder module with the following values.yml configuration file (just the defaults):
onboarding:
  modules:
    - name: ida
      enabled: true
    - name: print
      enabled: true
    - name: abis
      enabled: true
    - name: resident
      enabled: true
    - name: mobileid
      enabled: true
    - name: digitalcard
      enabled: false
    - name: esignet
      enabled: false
    - name: demo-oidc
      enabled: false
    - name: resident-oidc
      enabled: false
    - name: mimoto-keybinding
      enabled: true
After the pod starts, I checked the pod logs and the generated reports, and it seems to be related to certificate downloading issues. Below is an excerpt from one of the pod logs and the report.
How should I address this problem? I chose the option “I don’t have public domain & valid SSL certificate.” Are there any prerequisites or steps I should take before proceeding?
Onboarding default partners
KEYCLOAK_CLIENT = mosip-deployment-client
KEYCLOAK ADMIN USER : admin
URL : https://api-internal.sandbox.miaxis.com and https://api.sandbox.miaxis.com
Uploading mpartner-default-abis cert
newman
onboarding Copy
❏ cert_download
↳ authenticate-as-cert-manager
POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
self-signed certificate
┌─────────────────────────┬──────────┬──────────┐
│ │ executed │ failed │
├─────────────────────────┼──────────┼──────────┤
│ iterations │ 1 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ requests │ 1 │ 1 │
├─────────────────────────┼──────────┼──────────┤
│ test-scripts │ 0 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ prerequest-scripts │ 2 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ assertions │ 0 │ 0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 7.3s │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx) │
└───────────────────────────────────────────────┘
# failure detail
1. Error
self-signed certificate
at request
inside "cert_download / authenticate-as-cert-manager"
ryan
August 14, 2023, 2:54am
2
Do I need to upload the certificates in advance? It seems like there wasn’t any step during the deployment process that required me to upload certificates. Also, my certificates are self-signed. Can I use them?
Hey @ryan
Regarding the certificate upload during partner onboarding, I have asked my team member to check whether self-signed certificates can be used or not, so our team will get back to you on this asap.
Best Regards,
Team MOSIP
ryan
August 15, 2023, 5:34am
4
Here is the complete pod log for the pod "partner-onboarder-ida" during onboarding. Does the log indicate an error during certificate upload? Are these certificates the root-cert.pem and ca.crt from the configmap? These two certificates seem to be self-generated and were automatically copied from the default namespace during the IDA module deployment.
Onboarding default partners
KEYCLOAK_CLIENT = mosip-deployment-client
KEYCLOAK ADMIN USER : admin
URL : https://api-internal.sandbox.miaxis.com and https://api.sandbox.miaxis.com
Uploading ida root cert
newman
onboarding Copy
❏ cert_download
↳ authenticate-as-cert-manager
POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
self-signed certificate
┌─────────────────────────┬──────────┬──────────┐
│ │ executed │ failed │
├─────────────────────────┼──────────┼──────────┤
│ iterations │ 1 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ requests │ 1 │ 1 │
├─────────────────────────┼──────────┼──────────┤
│ test-scripts │ 0 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ prerequest-scripts │ 2 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ assertions │ 0 │ 0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.4s │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx) │
└───────────────────────────────────────────────┘
# failure detail
1. Error
self-signed certificate
at request
inside "cert_download / authenticate-as-cert-manager"
Uploading ida cert
newman
onboarding Copy
❏ cert_download
↳ authenticate-as-cert-manager
POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
self-signed certificate
┌─────────────────────────┬──────────┬──────────┐
│ │ executed │ failed │
├─────────────────────────┼──────────┼──────────┤
│ iterations │ 1 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ requests │ 1 │ 1 │
├─────────────────────────┼──────────┼──────────┤
│ test-scripts │ 0 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ prerequest-scripts │ 2 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ assertions │ 0 │ 0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.3s │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx) │
└───────────────────────────────────────────────┘
# failure detail
1. Error
self-signed certificate
at request
inside "cert_download / authenticate-as-cert-manager"
Uploading mpartner-default-auth cert
newman
onboarding Copy
❏ cert_download
↳ authenticate-as-cert-manager
POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
self-signed certificate
┌─────────────────────────┬──────────┬──────────┐
│ │ executed │ failed │
├─────────────────────────┼──────────┼──────────┤
│ iterations │ 1 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ requests │ 1 │ 1 │
├─────────────────────────┼──────────┼──────────┤
│ test-scripts │ 0 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ prerequest-scripts │ 2 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ assertions │ 0 │ 0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.6s │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx) │
└───────────────────────────────────────────────┘
# failure detail
1. Error
self-signed certificate
at request
inside "cert_download / authenticate-as-cert-manager"
Uploading ida cred cert to keymanager for zero knowledge encryption
newman
onboarding Copy
❏ cert_download
↳ authenticate-as-cert-manager
POST https://api-internal.sandbox.miaxis.com/v1/authmanager/authenticate/clientidsecretkey [errored]
self-signed certificate
┌─────────────────────────┬──────────┬──────────┐
│ │ executed │ failed │
├─────────────────────────┼──────────┼──────────┤
│ iterations │ 1 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ requests │ 1 │ 1 │
├─────────────────────────┼──────────┼──────────┤
│ test-scripts │ 0 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ prerequest-scripts │ 2 │ 0 │
├─────────────────────────┼──────────┼──────────┤
│ assertions │ 0 │ 0 │
├─────────────────────────┴──────────┴──────────┤
│ total run duration: 2.2s │
├───────────────────────────────────────────────┤
│ total data received: 0B (approx) │
└───────────────────────────────────────────────┘
# failure detail
1. Error
self-signed certificate
at request
inside "cert_download / authenticate-as-cert-manager"
=========================== PUSHING REPORTS TO S3 ================================================
S3_HOST: http://minio.minio:9000
S3_REGION:
S3_USER_KEY: admin
S3_USER_SECRET: XzgR4AXrmp
S3_BUCKET_NAME:
Added `s3` successfully.
mc: <ERROR> Unable to make bucket, please use `mc mb s3/your-bucket-name`. Bucket name cannot be empty.
`/home/mosip/reports/ida-ca.html` -> `s3/reports/ida-ca.html`
`/home/mosip/reports/ida-cred.html` -> `s3/reports/ida-cred.html`
`/home/mosip/reports/ida-root.html` -> `s3/reports/ida-root.html`
`/home/mosip/reports/ida-partner.html` -> `s3/reports/ida-partner.html`
Total: 0 B, Transferred: 196.74 KiB, Speed: 1.97 MiB/s
Reports pushed to minio
Onboarding completed!
1 Like
ryan
August 15, 2023, 9:28am
5
Alright, I’ve resolved it myself. I checked the install.sh script and the scripts in mosip-onboarding, and I found that the ENABLE_INSECURE variable wasn’t being passed. After modifying the pod’s YAML file, it worked successfully.
Hi @ryan
As I can see from your last message, your issue with partner onboarding is resolved: you were able to pass the ENABLE_INSECURE variable and, after modifying the pod’s YAML file, it worked successfully.
Just checking whether there is anything else we can help you out with.
Best Regards,
Team MOSIP.
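Why a client reports `self-signed certificate`, and what trusting that one certificate looks like when verification stays on, as an added example (not part of the thread or of MOSIP's scripts). It runs the `openssl` CLI (1.1.1 or later assumed) on a certificate generated locally; the hostname and file names are placeholders.

```shell
#!/bin/sh
# Added example. Everything is constructed locally; no server is contacted.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=api-internal.sandbox.example   # placeholder, not the host from the thread

# A self-signed server certificate, like the one an installation without a
# public domain and CA-issued certificate presents.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" \
        -keyout "$WORK/tls.key" -out "$WORK/tls.crt" 2>/dev/null
}

# Default client behaviour: the certificate chains to nothing the client
# trusts, so verification fails (OpenSSL error 18, depth-zero self-signed).
verify_untrusted() {
    openssl verify "$WORK/tls.crt" 2>&1 || true
}

# Verification left on: trust exactly this certificate and still require
# that it names the host being called ($1).
verify_pinned() {
    openssl verify -CAfile "$WORK/tls.crt" -verify_hostname "$1" \
        "$WORK/tls.crt" >/dev/null 2>&1
}

make_cert
echo "default trust      : $(verify_untrusted | grep -o 'error [0-9]*.*' | head -n 1)"
verify_pinned "$HOST" && echo "pinned, right host : OK"
verify_pinned "other.example" || echo "pinned, wrong host : rejected"
```

For newman itself, the equivalent of the pinned case is passing the PEM file with `--ssl-extra-ca-certs` (or setting `NODE_EXTRA_CA_CERTS` for Node), whereas `--insecure` skips the check entirely. Whether the onboarding scripts expose the former is not shown in the thread.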