Mosip setup in GKE

Hi Team ,

I want to set up MOSIP using GCP and GKE. The version of Kubernetes compatible with MOSIP is 1.24, but the GKE stable version is 1.27 and there is no lower version than this. Can you help, and also provide the documentation and charts compatible with it? There are several issues I face when deploying on version 1.27 in ClamAV, regclient as well as IDA; the issues relate to scaling, pods not being up, etc.

Hi @Arjun_Bose , thank you for your question.
@syed.salman , please can you respond to the above question.

Yes please if someone can help on this.

@Arjun_Bose

Regarding the issues you have encountered, please follow the suggested actions outlined below:

ClamAV:
We recommend redeploying ClamAV with an updated chart version.
Please update the chart version to 3.1.0 in the install.sh script. In values.yaml, please comment out the tag line (mosip-infra/deployment/v3/external/antivirus/clamav/values.yaml at 0b735c43291d555816a000952b629b5bb37a7a3d · mosip/mosip-infra · GitHub).

IDA and RegClient:
We require additional information to provide a more detailed resolution for IDA and RegClient. Please provide the log files and error messages for these components so we can offer a comprehensive solution.

What about the compatibility factor? For example, in the docs it's mentioned to use Kubernetes version 1.24 for MOSIP deployment, but GKE is offering the lowest version to be 1.27. And for regclient, the error I get is that the keystore password is incorrect.

Please can you provide me the charts for config-server, regclient and IDA to use in GKE for the same, and the GKE configurations to use for load balancing and autoscaling.

Recently, we have tried deploying MOSIP with Kubernetes version v1.28.x. Except for ClamAV, the other modules deployed successfully with the same helm charts. To resolve ClamAV, deploy with the version mentioned in the previous comment.

Regclient is failing due to an openssl version issue (i.e., 1.1.1x). We will be sharing the resolution for this issue.

Thank you so much , yes please do.

Dear @Arjun_Bose

Please deploy the regclient from the develop branch of mosip-infra.

Before running the install script, update the Docker image in the set command and provide it in the helm command within the install.sh script:

--set image.repository="mosipid/registration-client" --set image.tag="1.2.0.1"

For example:

helm -n $NS install regclient mosip/regclient \
  --set image.repository="mosipid/registration-client" --set image.tag="1.2.0.1" \
  --set regclient.upgradeServerUrl=https://$REGCLIENT_HOST \
  --set regclient.healthCheckUrl=$HEALTH_URL \
  --set regclient.hostName=$INTERNAL_HOST \
  --set istio.host=$REGCLIENT_HOST \
  --wait \
  --version $CHART_VERSION

Thank you so much.

The IDA issue which I was facing was as follows:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘utilities’: Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder ‘mosip.openid.issuers’ in value “${mosip.openid.issuers}”
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:379) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1348) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) ~[spring-context-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1255) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1243) ~[spring-boot-2.0.2.RELEASE.jar!/:2.0.2.RELEASE]
at io.mosip.mimoto.MimotoServiceApplication.main(MimotoServiceApplication.java:73) ~[classes!/:0.10.0]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[mimoto.jar:0.10.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[mimoto.jar:0.10.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[mimoto.jar:0.10.0]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[mimoto.jar:0.10.0]
Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder ‘mosip.openid.issuers’ in value “${mosip.openid.issuers}”
at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:172) ~[spring-core-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:124) ~[spring-core-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.core.env.AbstractPropertyResolver.doResolvePlaceholders(AbstractPropertyResolver.java:237) ~[spring-core-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.core.env.AbstractPropertyResolver.resolveRequiredPlaceholders(AbstractPropertyResolver.java:211) ~[spring-core-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.context.support.PropertySourcesPlaceholderConfigurer.lambda$processProperties$0(PropertySourcesPlaceholderConfigurer.java:175) ~[spring-context-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveEmbeddedValue(AbstractBeanFactory.java:839) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:584) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:91) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:373) ~[spring-beans-5.0.6.RELEASE.jar!/:5.0.6.RELEASE]
… 25 common frames omitted

The error you encountered is due to Spring not being able to resolve the placeholder ${mosip.openid.issuers}.

Dear @Arjun_Bose

Could you please provide additional details regarding the issue mentioned above:

  • Which version of IDA is currently deployed?
  • Could you share the link to the GitHub repository for MOSIP configuration properties?
  • Upon reviewing our mosip/mosip-config repository, I have found that the property mosip.openid.issuers exists only in the Mimoto properties and not in the IDA properties. Could you please check if this property was added by mistake?

Thank you.
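The check suggested in the reply above, as an added example that is not part of the original thread or of MOSIP's tooling: given a local checkout of the configuration repository, it reports which source, if any, defines a property for a given service, which is what decides whether Spring can resolve the `${...}` placeholder at startup. The file names assume the Spring Cloud Config `<service>-<profile>.properties` layout, and the sample tree and its values are constructed.

```shell
#!/usr/bin/env bash
# Added example, not MOSIP code. File names assume the Spring Cloud Config
# "<service>-<profile>.properties" layout; every key value below is constructed.

# resolve_key KEY FILE... -> first source that defines KEY, or UNRESOLVED.
# An exported environment variable in Spring's upper-case/underscore form
# (mosip.openid.issuers -> MOSIP_OPENID_ISSUERS) also satisfies a placeholder.
resolve_key() {
  local key="$1" env_name f
  shift
  env_name=$(printf '%s' "$key" | tr 'a-z.-' 'A-Z__')
  if printenv "$env_name" >/dev/null 2>&1; then
    printf 'env:%s\n' "$env_name"; return 0
  fi
  for f in "$@"; do
    [ -f "$f" ] || continue
    if awk -v key="$key" '
         /^[ \t]*[#!]/ { next }            # comment lines never define a key
         { k = $0
           sub(/[ \t]*[=:].*$/, "", k)     # drop separator and value
           sub(/^[ \t]+/, "", k)           # drop leading whitespace
           if (k == key) { found = 1; exit } }
         END { exit !found }' "$f"; then
      basename "$f"; return 0
    fi
  done
  printf 'UNRESOLVED\n'; return 1
}

# Constructed config tree: one shared file plus one file per service.
make_sample_config() {
  local dir
  dir=$(mktemp -d)
  printf '%s\n' '# shared by every service' 'example.shared.setting=1' \
    > "$dir/application-default.properties"
  printf '%s\n' 'mosip.openid.issuers = https://issuer.example.invalid' \
    > "$dir/mimoto-default.properties"
  printf '%s\n' '# mosip.openid.issuers=commented out, does not count' \
    'example.ida.setting=true' > "$dir/id-authentication-default.properties"
  printf '%s\n' "$dir"
}

# check_service DIR SERVICE KEY -> "SERVICE: <source or UNRESOLVED>"
# Looks in the service file first, then the shared file.
check_service() {
  local dir="$1" svc="$2" key="$3" src
  src=$(resolve_key "$key" "$dir/$svc-default.properties" \
                    "$dir/application-default.properties") || true
  printf '%s: %s\n' "$svc" "$src"
}

cfg=$(make_sample_config)
check_service "$cfg" mimoto mosip.openid.issuers
check_service "$cfg" id-authentication mosip.openid.issuers
rm -rf "$cfg"
```

A placeholder written with a default, such as `${key:fallback}`, does not fail when the key is missing, so an `UNRESOLVED` result only predicts a startup failure for placeholders without one.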

Hi, I was able to resolve the keystore password issue in regclient, but now this is coming in the logs:

Started with args
initialized variables
created mosip-application.properties
java.io.FileNotFoundException: registration-services-1.2.1-SNAPSHOT.jar (No such file or directory)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:219)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
at jdk.jartool/sun.tools.jar.Main.run(Main.java:360)
at jdk.jartool/sun.tools.jar.Main.main(Main.java:1681)

Please can you help?

Please can you suggest some way around this, @syed.salman @HarikrishnaReddy?

Please can you revert on this, it is a little urgent. @syed.salman @HarikrishnaReddy @sanchi-singh24

This is the exact issue I'm facing when trying to deploy ida-keygen:

{“@timestamp”:“2024-07-30T10:32:06.327Z”,“@version”:“1”,“message”:“sessionId - - - Fetching Key Policy for keyPolicyName(Cache): IDA_VCI_EXCHANGE”,“logger_name”:“io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.329Z”,“@version”:“1”,“message”:“sessionId - keyPolicy - Optional.empty - Key Policy not found for this application Id. Key/CSR generation not allowed.”,“logger_name”:“io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.338Z”,“@version”:“1”,“message”:“\n\nError starting ApplicationContext. To display the conditions report re-run your application with ‘debug’ enabled.”,“logger_name”:“org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.348Z”,“@version”:“1”,“message”:“Application run failed”,“logger_name”:“org.springframework.boot.SpringApplication”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“stack_trace”:“java.lang.IllegalStateException: Failed to execute CommandLineRunner\n\tat org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:800)\n\tat org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:781)\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:335)\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:1255)\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:1243)\n\tat io.mosip.kernel.keygenerator.KeysGeneratorApplication.main(KeysGeneratorApplication.java:23)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\n\tat org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)\n\tat org.springframework.boot.loader.Launcher.launch(Launcher.java:87)\n\tat org.springframework.boot.loader.Launcher.launch(Launcher.java:50)\n\tat org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:593)\nCaused by: io.mosip.kernel.keymanagerservice.exception.InvalidApplicationIdException: KER-KMS-002 → ApplicationId not found in Key Policy. 
Key/CSR generation not allowed.\n\tat io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper.getKeyPolicy(KeymanagerDBHelper.java:257)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.generateMasterKey(KeymanagerServiceImpl.java:488)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$FastClassBySpringCGLIB$$37c188ac.invoke()\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)\n\tat org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$EnhancerBySpringCGLIB$$2569ef23.generateMasterKey()\n\tat io.mosip.kernel.keygenerator.generator.KeysGenerator.generateMasterKey(KeysGenerator.java:195)\n\tat io.mosip.kernel.keygenerator.generator.KeysGenerator.lambda$generateKeys$0(KeysGenerator.java:120)\n\tat java.base/java.util.ArrayList.forEach(ArrayList.java:1541)\n\tat io.mosip.kernel.keygenerator.generator.KeysGenerator.generateKeys(KeysGenerator.java:100)\n\tat io.mosip.kernel.keygenerator.KeysGeneratorApplication.run(KeysGeneratorApplication.java:31)\n\tat org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:797)\n\t… 13 common frames omitted\n”,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.350Z”,“@version”:“1”,“message”:“Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@1040be71: startup date [Tue Jul 30 10:31:52 UTC 2024]; parent: org.springframework.context.annotation.AnnotationConfigApplicationContext@5b239d7d”,“logger_name”:“org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.354Z”,“@version”:“1”,“message”:“Unregistering JMX-exposed beans on shutdown”,“logger_name”:“org.springframework.jmx.export.annotation.AnnotationMBeanExporter”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.355Z”,“@version”:“1”,“message”:“Unregistering JMX-exposed beans”,“logger_name”:“org.springframework.jmx.export.annotation.AnnotationMBeanExporter”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.360Z”,“@version”:“1”,“message”:“Closing JPA EntityManagerFactory for persistence unit ‘hibernate’”,“logger_name”:“org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.362Z”,“@version”:“1”,“message”:“HikariPool-1 - Shutdown initiated…”,“logger_name”:“com.zaxxer.hikari.HikariDataSource”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}
{“@timestamp”:“2024-07-30T10:32:06.365Z”,“@version”:“1”,“message”:“HikariPool-1 - Shutdown completed.”,“logger_name”:“com.zaxxer.hikari.HikariDataSource”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“keys-generator”}

@Arjun_Bose

Could you please provide more info on this,
Which version of the regclient was deployed and what manual changes have you performed for the regclient deployment?

@Arjun_Bose

Which version of IDA are you trying to deploy?
Which postgres-init DBs are deployed?

Could you please provide the tables mentioned below:

  • IDA db —> key_policy_def table
  • IDA db —> key_alias table

I have deployed regclient as mentioned by you above:

Please deploy the regclient from the develop branch of mosip-infra .

Before running the install script, update the Docker image in the set command and provide it in the helm command within the install.sh script:

--set image.repository="mosipid/registration-client" --set image.tag="1.2.0.1"

For example:

helm -n $NS install regclient mosip/regclient \
  --set image.repository="mosipid/registration-client" --set image.tag="1.2.0.1" \
  --set regclient.upgradeServerUrl=https://$REGCLIENT_HOST \
  --set regclient.healthCheckUrl=$HEALTH_URL \
  --set regclient.hostName=$INTERNAL_HOST \
  --set istio.host=$REGCLIENT_HOST \
  --wait \
  --version $CHART_VERSION

This is the postgres init DB.

This is the version of IDA:

ll.sh
#!/bin/bash
# Installs all ida helm charts
# Usage: ./install.sh [kubeconfig]

if [ $# -ge 1 ] ; then
  export KUBECONFIG=$1
fi

NS=ida
CHART_VERSION=12.0.1-B3
KEYGEN_CHART_VERSION=12.0.1-B2

echo Create $NS namespace
kubectl create ns $NS

function installing_ida() {
  echo Istio label
  kubectl label ns $NS istio-injection=enabled --overwrite
  helm repo update

Where will I get these:

  • IDA db —> key_policy_def table
  • IDA db —> key_alias table?

Dear @Arjun_Bose

We have to update the regclient jar version in the regclient deployment.
Please use the command below to update it.

kubectl -n regclient edit deploy regclient
....
....
      containers:
        - env:
            - name: client_version_env
              value: 1.2.0.1

Dear @Arjun_Bose

Please install pgAdmin 4 -> log in to MOSIP's postgres server ->

You can get the password from the Kubernetes secret under the postgres namespace.

Please share the mentioned tables to debug the issue.