-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
contrib.opensack.cert_utils.get_certificate_request like() can greate None indexted list #732
Comments
My workaround is |
To clarify. It's really not exactly clear under which circumstances this happens. The code around where it happens looks totally benign. It's basically the tls-certificates interface layer plain vanilla. What is utterly strange however is, that the issue is triggered or becomes visible only during juju agent upgrades or when the model is migrated to a different controller. I have no clue what environmental factors are triggered by that. If you reboot the instance the bug goes away. But the v6 address stays. |
I just traced the issue down to this line and not matter what triggers it, a list with Before this vault only had one request. After the juju upgrade-model and this fix to charmhelpers we have two. before octavia/1:
in-scope: true
data:
cert_requests: '{"juju-52da4d-22-lxd-21.example.com": {"sans":
["100.115.0.168", "100.115.0.56"]}}'
certificate_name: 91a7d86f-0e14-405d-a722-7c3e557b3dbb
common_name: octavia.example.com
egress-subnets: 100.115.0.168/32
ingress-address: 100.115.0.168
private-address: 100.115.0.168
sans: '["100.115.0.168", "100.115.0.56", "octavia.example.com"]'
unit_name: octavia_1 after octavia/1:
in-scope: true
data:
cert_requests: '{"fc00:4248:fae8:2d6d:f816:3eff:fe27:ec30": {"sans": ["fc00:4248:fae8:2d6d:f816:3eff:fe27:ec30"]},
"juju-52da4d-22-lxd-21.example.com": {"sans": ["100.115.0.168",
"100.115.0.56"]}}'
certificate_name: 91a7d86f-0e14-405d-a722-7c3e557b3dbb
common_name: octavia.example.com
egress-subnets: 100.115.0.168/32
ingress-address: 100.115.0.168
private-address: 100.115.0.168
sans: '["100.115.0.168", "100.115.0.56", "octavia.example.com"]'
unit_name: octavia_1 |
Having ipv6 addresses floating around in vault caused more issues. |
Am I really the only one seeing this? What's special here is that we only use IPv6 for the amphoras. Perhaps that is unusual? Also I found no way of re-building my charm based on a released version (with build.lock) and my patched charmhelpers. I had to manually patch the zip files. I really need something long term for that. |
@fnordahl have you seen this one before? |
contrib.opensack.cert_utils may generate
None
a indexed list if a ip address exists on the system that is not resolvable.In my case I have a IPv6 address
fc00:4248:fae8:2d6d:f816:3eff:fe27:ec30
that doesn't resolve to anything.This leads to a list of requests returned from get_certificate_request like
None
causes a huge amount of problems downstream.Here it tries to resolve it without any fallback
charm-helpers/charmhelpers/contrib/openstack/cert_utils.py
Line 93 in 28f26b7
The text was updated successfully, but these errors were encountered: