Improve service initialization process #1046

Closed
FelixTing opened this issue Feb 25, 2022 · 0 comments · Fixed by #1047
Labels: enhancement (New feature or request)

@FelixTing (Member):
There is an issue with the service initialization in secure mode if the external MQTT trigger is selected and auth mode is usernamepassword, clientcert, or cacert.

Example:
Edit the docker-compose.yml to add the custom ASC service's service key to EdgeX service secretstore-setup's ADD_SECRETSTORE_TOKENS environment variable. Assuming that the custom ASC service is app-external-mqtt-trigger.

```yaml
  secretstore-setup:
    container_name: edgex-security-secretstore-setup
    depends_on:
    - security-bootstrapper
    - vault
    environment:
      ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],redisdb[device-virtual]
      ADD_SECRETSTORE_TOKENS: 'app-external-mqtt-trigger'
```

The app-external-mqtt-trigger ASC service's configuration contains the setting:

```toml
[Trigger]
Type="external-mqtt"
  [Trigger.externalmqtt]
  Url = "tls://test.mosquitto.org:8884"
  SubscribeTopics="test/#"
  ClientId ="app-external-mqtt-trigger"
  Qos            = 0
  KeepAlive      = 10
  Retained       = false
  AutoReconnect  = true
  ConnectTimeout = "30s"
  SkipCertVerify = false
  AuthMode = "clientcert"
  SecretPath = "mqtt"
```

When starting the app-external-mqtt-trigger ASC service, it fails on the trigger initialization and then shuts down:

```
level=INFO ts=2022-02-25T05:23:15.421383Z app=app- source=triggerfactory.go:54 msg="External MQTT trigger selected"
level=INFO ts=2022-02-25T05:23:15.421395Z app=app- source=mqtt.go:74 msg="Initializing MQTT Trigger"
level=ERROR ts=2022-02-25T05:23:15.422618Z app=app- source=service.go:175 msg="unable to create secure MQTT Client: Error found on handling secrets from underlying data-store: Received a '404' response from the secret store"
level=ERROR ts=2022-02-25T05:23:15.422648Z app=app- source=main.go:64 msg="MakeItRun returned error: failed to initialize Trigger"
```

This is because the required secrets did not exist in the Secret Store at the time the ASC service started.

IMHO, we can resolve this issue by making the following changes:

The concept of the retry mechanism is to wait for a signal from the AddSecret handler and retry if the service cannot get the required secrets from the Secret Store. With this proposal, users can store secrets in the Secret Store using the Application Service API after the ASC service is started, so that the trigger initialization process can continue.

A draft PR will be submitted later on.
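The retry-on-signal idea sketched above, written out as an added, self-contained Go example (not code from the issue, the draft PR, or the EdgeX SDK). It assumes an in-memory stand-in for the Secret Store, an `AddSecret` handler that wakes waiting initializers over a channel, and assumed secret key names per auth mode (`username`/`password`, `clientcert`/`clientkey`, `cacert`); the "404" error text is taken from the log in the issue. The trigger initializer keeps retrying until the secrets arrive or its context expires, instead of failing once and shutting the service down.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrSecretNotFound stands in for the "Received a '404' response from the secret store" error in the issue.
var ErrSecretNotFound = errors.New("received a '404' response from the secret store")

// SecretStore is a constructed in-memory stand-in for the EdgeX Secret Store.
type SecretStore struct {
	mu      sync.Mutex
	secrets map[string]map[string]string
	added   chan struct{} // signalled by AddSecret so a waiting initializer can retry
}

func NewSecretStore() *SecretStore {
	// Buffer of one: a signal sent while nobody is waiting is kept, never lost.
	return &SecretStore{secrets: map[string]map[string]string{}, added: make(chan struct{}, 1)}
}

// GetSecrets mirrors the lookup the trigger performs at startup. A missing path or a
// missing key both count as "not found" so the caller keeps waiting for a complete secret.
func (s *SecretStore) GetSecrets(path string, keys ...string) (map[string]string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	data, ok := s.secrets[path]
	if !ok {
		return nil, ErrSecretNotFound
	}
	out := map[string]string{}
	for _, k := range keys {
		v, ok := data[k]
		if !ok {
			return nil, fmt.Errorf("%w: secret %q has no key %q", ErrSecretNotFound, path, k)
		}
		out[k] = v
	}
	return out, nil
}

// AddSecret is the handler the proposal signals from: store the secret, then wake any waiter.
func (s *SecretStore) AddSecret(path string, data map[string]string) {
	s.mu.Lock()
	s.secrets[path] = data
	s.mu.Unlock()
	select {
	case s.added <- struct{}{}:
	default: // a signal is already pending; one is enough
	}
}

// Added exposes the wake-up channel to initializers.
func (s *SecretStore) Added() <-chan struct{} { return s.added }

// MQTTTriggerConfig carries the two [Trigger.externalmqtt] settings that matter here.
type MQTTTriggerConfig struct{ AuthMode, SecretPath string }

// requiredKeys maps an AuthMode to the secret keys it needs (assumed key names).
func requiredKeys(mode string) ([]string, error) {
	switch mode {
	case "usernamepassword":
		return []string{"username", "password"}, nil
	case "clientcert":
		return []string{"clientcert", "clientkey"}, nil
	case "cacert":
		return []string{"cacert"}, nil
	case "none":
		return nil, nil
	}
	return nil, fmt.Errorf("unsupported AuthMode %q", mode)
}

// InitTrigger loads the trigger's secrets. On "not found" it blocks until AddSecret
// signals or the context expires, then retries; any other error is fatal immediately.
func InitTrigger(ctx context.Context, store *SecretStore, cfg MQTTTriggerConfig) (map[string]string, error) {
	keys, err := requiredKeys(cfg.AuthMode)
	if err != nil {
		return nil, err
	}
	if len(keys) == 0 {
		return map[string]string{}, nil
	}
	for attempt := 1; ; attempt++ {
		secrets, err := store.GetSecrets(cfg.SecretPath, keys...)
		if err == nil {
			return secrets, nil
		}
		if !errors.Is(err, ErrSecretNotFound) {
			return nil, err
		}
		fmt.Printf("attempt %d: %v; waiting for AddSecret\n", attempt, err)
		select {
		case <-store.Added():
		case <-ctx.Done():
			return nil, fmt.Errorf("failed to initialize Trigger: %w (last error: %v)", ctx.Err(), err)
		}
	}
}

func main() {
	store := NewSecretStore()
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	// Simulate the user pushing the secret through the API after the service has started.
	go func() {
		time.Sleep(200 * time.Millisecond)
		store.AddSecret("mqtt", map[string]string{"clientcert": "PEM-CERT", "clientkey": "PEM-KEY"})
	}()
	secrets, err := InitTrigger(ctx, store, MQTTTriggerConfig{AuthMode: "clientcert", SecretPath: "mqtt"})
	fmt.Println(len(secrets), "secret keys loaded, err:", err)
}
```

The waiter distinguishes "not found" from every other secret-store error on purpose: only the former is expected to resolve itself once a secret is added, so a permission or connectivity error still fails fast and surfaces in the logs. The context timeout bounds how long a service sits in the retry loop without a trigger.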
