Fix the bug that tunnel-agent/tunnel-server crashes when the local certificate can not be loaded correctly #378
…rtificate can not be loaded correctly Signed-off-by: SataQiu <[email protected]>
With this patch, the tunnel-agent can recover from a damaged certificate automatically:

```
I0706 07:40:48.416970 1 start.go:48] yurttunnel-agent version: projectinfo.Info{GitVersion:"v0.4.0", GitCommit:"9426d63", BuildDate:"2021-07-06T07:26:53Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
I0706 07:40:48.417017 1 options.go:136] ipv4=172.16.247.51&host=izbp1ikl8dfbhoc2661jufz is set for agent identifies
I0706 07:40:48.417021 1 options.go:141] neither --kube-config nor --apiserver-addr is set, will use /etc/kubernetes/kubelet.conf as the kubeconfig
I0706 07:40:48.417024 1 options.go:145] create the clientset based on the kubeconfig(/etc/kubernetes/kubelet.conf).
I0706 07:40:48.436797 1 start.go:84] yurttunnel-server address: 122.43.234.97:32502
I0706 07:40:48.436840 1 certificate_store.go:130] Loading cert/key pair from "/var/lib/yurttunnel-agent/pki/yurttunnel-agent-current.pem".
W0706 07:40:48.436904 1 filestore_wrapper.go:50] unexpected error occurred when loading the certificate: could not convert data from "/var/lib/yurttunnel-agent/pki/yurttunnel-agent-current.pem" into cert/key pair: tls: failed to find any PEM data in certificate input, will regenerate it
I0706 07:40:48.437075 1 anpagent.go:57] start serving grpc request redirected from yurttunnel-server: 122.43.234.97:32502
I0706 07:40:48.437194 1 util.go:45] "start handling meta requests(metrics/pprof)" server endpoint="127.0.0.1:10266"
E0706 07:41:08.437575 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 122.43.234.97:32502: i/o timeout\""
E0706 07:41:33.650318 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 122.43.234.97:32502: i/o timeout\""
```
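The recovery visible in the log above, as an added example that is not part of this PR or of OpenYurt's code: a standard-library Go model of a certificate store that reports a missing or damaged bundle as "regenerate" instead of a fatal error. The names `errRegenerate`, `current` and `needsNewCert` and the sample file path are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io/fs"
	"log"
	"os"
	"path/filepath"
)

// errRegenerate (hypothetical name) tells the caller to request a new
// certificate instead of exiting; the load failure stays wrapped inside it.
var errRegenerate = errors.New("no usable cert/key pair")

// current loads the combined cert/key PEM bundle at path. A missing file is
// the normal first-start case; any other load failure is logged as a warning.
func current(path string) (*tls.Certificate, error) {
	data, err := os.ReadFile(path)
	if err == nil {
		var pair tls.Certificate
		if pair, err = tls.X509KeyPair(data, data); err == nil {
			return &pair, nil
		}
	}
	if !errors.Is(err, fs.ErrNotExist) {
		log.Printf("unexpected error loading %q: %v, will regenerate it", path, err)
	}
	return nil, fmt.Errorf("%w: %v", errRegenerate, err)
}

// needsNewCert is the startup decision: true means rotate, never crash.
func needsNewCert(path string) (bool, error) {
	_, err := current(path)
	return errors.Is(err, errRegenerate), err
}

func main() {
	// Constructed sample: a bundle file whose bytes are not PEM at all.
	path := filepath.Join(os.TempDir(), "demo-agent-current.pem")
	if err := os.WriteFile(path, []byte("\x00damaged\x00"), 0o600); err != nil {
		log.Fatal(err)
	}
	defer os.Remove(path)
	fmt.Println(needsNewCert(path))
}
```

Keeping the original load error wrapped inside `errRegenerate` means the cause of the damage is still available to logs and alerts after the agent has recovered.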
We do not need to check the

```go
if !m.certSatisfiesTemplateLocked() {
	return m.now()
}
```
/assign @rambohe-ch

@Fei-Guo PTAL!

/lgtm

It looks like that certificate will be updated automatically if

/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rambohe-ch, SataQiu

The full list of commands accepted by this bot can be found here. The pull request process is described here
…rtificate can not be loaded correctly (openyurtio#378) Signed-off-by: SataQiu <[email protected]>
What type of PR is this?
/kind bug
What this PR does / why we need it:
Fix the bug that tunnel-agent/tunnel-server crashes when the local certificate can not be loaded correctly
Which issue(s) this PR fixes:
Fixes #377
Special notes for your reviewer:
Does this PR introduce a user-facing change?
other Note