AuthHub 2.1.0 - Adminconsole and signin service failing to deploy
search cancel

AuthHub 2.1.0 - Adminconsole and signin service failing to deploy

book

Article ID: 266748

calendar_today

Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

When deploying ssp 2.1.0, two of the pods are failing (adminconsole and signing), entering the CrashLoopBackOff state. We have the following logs, No DB changes were done.

Started SspVaultSecretsInitializerApplication in 15.005 seconds (process running for 20.766)
vaultVer::null
vaultAddr::null
2023-05-19T18:29:48.830Z  INFO 1 --- [           main] c.u.j.filter.DefaultLazyPropertyFilter   : Property Filter custom Bean not found with name 'encryptablePropertyFilter'. Initializing Default Property Filter
2023-05-19T18:29:48.924Z  INFO 1 --- [           main] c.u.j.r.DefaultLazyPropertyResolver      : Property Resolver custom Bean not found with name 'encryptablePropertyResolver'. Initializing Default Property Resolver
2023-05-19T18:29:48.926Z  INFO 1 --- [           main] c.u.j.d.DefaultLazyPropertyDetector      : Property Detector custom Bean not found with name 'encryptablePropertyDetector'. Initializing Default Property Detector
2023-05-19T18:29:48.937Z  INFO 1 --- [           main] c.u.j.encryptor.DefaultLazyEncryptor     : Found Custom Encryptor Bean com.symantec.vip.vault.decryptor.VaultStringDecryptor@13cf7d52 with name: vaultStringDecryptor
2023-05-19T18:29:48.937Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Trying to decrypt [ssp-db.password] key
2023-05-19T18:29:48.938Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running with secret engine null for secure data encryption/decryption
2023-05-19T18:29:48.938Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running at null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Trying to decrypt [ssp-db.password] key
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running with secret engine null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running at null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Trying to decrypt [ssp-db.password] key
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running with secret engine null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running at null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Trying to decrypt [ssp-db.password] key
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running with secret engine null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running at null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Trying to decrypt [ssp-db.password] key
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running with secret engine null for secure data encryption/decryption
2023-05-19T18:29:48.939Z  INFO 1 --- [           main] c.s.v.v.decryptor.VaultStringDecryptor   : Using vault running at null for secure data encryption/decryption
Exception while fetching DB password from the vault : Unable to decrypt property: ENC(ssp-db.password) resolved to: ENC(ssp-db.password). Decryption of Properties failed,  make sure encryption/decryption passwords match
Unable to fetch DB password from the vault..Stop the service
chmod: /opt/appdynamics-agent: Operation not permitted

 

Environment

Release : AuthHub 2.1

Resolution

This issue happened because the image ssp-vault-secrets-initializer accidentally tagged and pushed as bubble.net:5000/bubble/linux/bxp/ae/vendor/ui-helper-svc:2.1.0.1036. Below commands is used in Helm Install which uses a Digest of the image and with this the image was not retrieved proving that the wrong image was pushed. Once it was corrected the Admin UI and Signin-UI deployed successfully.

--set global.useImageDigest=true \
--set hazelcast-enterprise.image.tag="5.1.3-ssl-D9P5" \
--set ssp.adminconsole.imageDigest="sha256:b1c15393b2668bedb22e7a682c4bd65d57ac92f233a4ebcdefba1344949201b1"

Powered by Wolken Software