Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3286

trustee-deployment does not start (crashloopbackoff)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: High High
    • None
    • OSC 1.7.0
    • trustee
    • None
    • False
    • None
    • False
    • Kata Sprint #258
    • 0
    • 0
    • High

      Description

      <What were you trying to do that didn't work?>

      After configuring the trustee operator following https://docs.google.com/document/d/1itpH2YojYH5nN8GDq68aI3LXGfq1Axd0xR2Kovu83FQ/edit?usp=sharing I noticed the trustee-deployment was failing.

      Steps to reproduce

      <What actions did you take to hit the bug?>
      1. install trustee operator

      2. configure it following doc above
      3.

      Expected result

      <What did you expect to happen?>

      trustee pod would start

      Actual result

      <What actually happened?>

      pod would not start due to crashbackoffloop

      Error: error:80000002:system library:file_ctrl:reason(2):crypto/bio/bss_file.c:297:calling fopen(/etc/https-key/https.key, r), error:10080002:BIO routines:file_ctrl:system lib:crypto/bio/bss_file.c:300:, error:0A080002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib:ssl/ssl_rsa.c:386:

      Impact

      <How badly does this interfere with using the software?>

      Can't use trustee operator

      Env

      <Where was the bug found, i.e. OCP build, operator build, kata-containers build, cluster infra, test case id>

      Using konflux built images

      quay.io/redhat-user-workloads/ose-osc-tenant/trustee-fbc/trustee-fbc-4-16:4781709ce6937782c3120beac58e7a0a747496b0

       
      quay.io/redhat-user-workloads/ose-osc-tenant/trustee/trustee@sha256:c651c01bb3d1a17ce836f9fd1fd15cedd3a0d31b24c308cb2a007322a3bd5a63

      Additional helpful info

      <logs, screenshot, doc links, etc.>

      Full log from trustee-deployment:

      [2024-08-26T18:24:31Z INFO  kbs] Using config file /etc/kbs-config/kbs-config.json
      [2024-08-26T18:24:31Z WARN  attestation_service::rvps] No RVPS address provided and will launch a built-in rvps
      [2024-08-26T18:24:31Z INFO  attestation_service::token::simple] No Token Signer key in config file, create an ephemeral key and without CA pubkey cert
      [2024-08-26T18:24:31Z INFO  kbs] Starting HTTPS server at [0.0.0.0:8080]
      Error: error:80000002:system library:file_ctrl:reason(2):crypto/bio/bss_file.c:297:calling fopen(/etc/https-key/https.key, r), error:10080002:BIO routines:file_ctrl:system lib:crypto/bio/bss_file.c:300:, error:0A080002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib:ssl/ssl_rsa.c:386:

       

              rh-ee-lmilleri Leonardo Milleri
              cmeadors@redhat.com Cameron Meadors
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: