OTMM CE 21.2 kubernates pod error waiting for otds service

Janakiraman_Rajaram
Janakiraman_Rajaram
in Digital Asset Management #1

OTMM CE 21.2 kubernates pod error waiting for otds service ?


Hw to resolve this?

Comments

  • Jeremy Naylor
    Jeremy Naylor E Member
    #2

    Just a sanity check, did you deploy OTDS prior to deploying OTMM? Also, within the helm chart, verify that the addresses are defined for the OTDS. If the OTDS pod isn't started, that is likely the reason.

    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #3

    yes its started and able to lauch seperately


    Thanks for quick response

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #4

    OTMM pod describe


    Events:

     Type   Reason         Age         From           Message

     ----   ------         ----        ----           -------

     Normal  Scheduled        47m         default-scheduler    Successfully assigned default/otmm-0 to gke-cluster-2-default-pool-eb081b8e-tplp

     Normal  SuccessfulAttachVolume 47m         attachdetach-controller AttachVolume.Attach succeeded for volume "pvc-8e3048a8-d655-4b61-a68f-4b732ec35acb"

     Normal  Pulling         46m         kubelet         Pulling image "europe-north1-docker.pkg.dev/otmmdamtestk8-2c5b/damrepoall/otmm:21.2"

     Normal  Pulled         46m         kubelet         Successfully pulled image "europe-north1-docker.pkg.dev/otmmdamtestk8-2c5b/damrepoall/otmm:21.2" in 1.922200074s

     Normal  Created         46m         kubelet         Created container otmm

     Normal  Started         46m         kubelet         Started container otmm

      Warning  Unhealthy               65s (x44 over 44m)  kubelet                  Readiness probe failed: Get "http://10.44.2.22:11090/teams/ping": dial tcp 10.44.2.22:11090: connect: connection refused




    OTMM log


    **Decrypted data is** null

    index_SEC.cfg has been created.

    Sep 07, 2022 2:19:29 PM com.artesia.common.encryption.encryption.EncryptDecryptWrapper doEncryptDecrypt

    INFO: File has been encrypted

    **Decrypted data is** null

    OTDS_SEC_Srv.cfg has been created and encrypted.

    Sep 07, 2022 2:19:30 PM com.artesia.common.encryption.encryption.EncryptDecryptWrapper doEncryptDecrypt

    INFO: File has been encrypted

    **Decrypted data is** null

    SMTP_SEC_Srv.cfg has been created and encrypted.

    Sep 07, 2022 2:19:31 PM com.artesia.common.encryption.encryption.EncryptDecryptWrapper doEncryptDecrypt

    INFO: File has been encrypted

    **Decrypted data is** null

    RabbitMQ_SEC_Srv.cfg has been created and encrypted.

    Waiting for OTDS Service...



    config map

    OTDS_PORT: "8080"  also tried with 80
OTDS_HOST: "otdsws"


  • Jeremy Naylor
    Jeremy Naylor E Member
    #5

    So that error generally means that the OTMM server cannot communicate with the OTDS server. Without knowing your architecture, can't really help much, but I would verify that the address/url configured in the values.yaml, under

    otdsPublicHostname: &otds_host your.domain.here

    otdsPublicPortNumber: &otds_port

    Is accessible from within the workspace that you are using, It could be a port issue, or invalid address. But long story short, it cannot communicate, it will wait for I believe the timeout is 3 minutes, and then fail out.

    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #6 
    In values yaaml I set 

useDefaultIngressHost: &use_default_ingress_host true

    for above reason , i didnt set below values instead system will use config map values

    #-------------------------------------
# - Independent public hostname
# ------------------------------------
otdsPublicHostname: &otds_host
mbirPublicHostname: &mbir_host

    and config map 


    OTDS_PORT: "8080"
OTDS_HOST: "otdsws"


  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #7

    sec.cfg

    OTDS_ADMIN_USER:otadmin@otds.admin
OTDS_ADMIN_PWD:otds


  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #8
    image.png


  • Jeremy Naylor
    Jeremy Naylor E Member
    #9

    We build the internal config for OTDS based off the otds_host variable being populated in

    otdsPublicHostname: &otds_host

    So I'd make sure that that is populated, so something simlar to

    otdsPublicHostname: &otds_host your.external.domain.com


    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #10

    still the same


    otdsPublicHostname: &otds_host "xx.****.xx.70.nip.io"


"xx.****.xx.70.nip.io"  this will take me to otds login page

    configMap

    OTDS_PORT: "80"
OTDS_HOST: "otdsws"


    describe


     Normal  Scheduled        5m49s         default-scheduler    Successfully assigned default/otmm-0 to gke-cluster-2-default-pool-eb081b8e-ak8o

     Warning FailedMount       5m48s         kubelet         MountVolume.SetUp failed for volume "otmm-custom-volume" : failed to sync configmap cache: timed out waiting for the condition

     Normal  SuccessfulAttachVolume 5m46s         attachdetach-controller AttachVolume.Attach succeeded for volume "pvc-8e3048a8-d655-4b61-a68f-4b732ec35acb"

     Normal  Pulled         5m42s         kubelet         Successfully pulled image "xxxxxx/damrepoall/otmm:21.2" in 2.112554746s

     Normal  Pulled         5m35s         kubelet         Successfully pulled image "xxxxxx/damrepoall/otmm:21.2" in 2.008542599s

     Normal  Pulled         5m17s         kubelet         Successfully pulled image "xxxxxx/damrepoall/otmm:21.2" in 2.678197844s

     Normal  Created         4m47s (x4 over 5m41s) kubelet         Created container otmm

     Normal  Started         4m47s (x4 over 5m41s) kubelet         Started container otmm

     Normal  Pulled         4m47s         kubelet         Successfully pulled image "xxxxxx/damrepoall/otmm:21.2" in 2.089065264s

     Normal  Pulling         3m53s (x5 over 5m44s) kubelet         Pulling image "xxxxxx/damrepoall/otmm:21.2"

     Warning BackOff         40s (x23 over 5m31s)  kubelet         Back-off restarting failed container

    LOG

    **Decrypted data is** null

    SMTP_SEC_Srv.cfg has been created and encrypted.

    Sep 07, 2022 3:38:30 PM com.artesia.common.encryption.encryption.EncryptDecryptWrapper doEncryptDecrypt

    INFO: File has been encrypted

    **Decrypted data is** null

    RabbitMQ_SEC_Srv.cfg has been created and encrypted.

    Waiting for OTDS Service...

    OTDSTicket:

  • Jeremy Naylor
    Jeremy Naylor E Member
    #11

    It's actually progress, it looks to be attempting to get an OTDS ticket now. Rather then more back and forth, feel free to create a support ticket and we can dig further.

    I'd verify that in the otds logs, specifically the otds logs, to see if we are receiving an auth request.

    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #12

    Sure Thanks for all your quick response . yes im going to create the ticket


    one more completely different question How DB will installed im using SQLserver?


    During POD creation it will be installed ?

  • Jeremy Naylor
    Jeremy Naylor E Member
    #13

    within the helm chart, under scripts there are db utilities.

    scripts\db_utilities\sqlserver

    Within there is a readme.txt file, just go through that, and it should give you direction on how to create the database.

    Depending on how you access the SQL server, you can just modify the database.sql with relevant information based off of the readmet.txt and execute it on the SQL Server.

    That will create the basic schema and permissions we require, when the pod is deployed it will install the rest of the relevant tables/procedures/triggers etc...

    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #14

    Yes i did that step

    Tables and procedures yet be created i think need to resolve this otds after it will be created i guess


    Thank you so much ! Have a nice day

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #15

    Im doing mistake in this part


    already sec.cfg file present with key value pair do i need to encrypt this file by copying this content to key.txt?

    Im confused in this part.

    I found that user name and password goes empty to the pod.



    Below the document lines

    To use a custom encryption key to encrypt the credentials file, do the following:

    Note: You can optionally configure a custom encryption key for increased

    security. By default, OTMM uses an embedded static key. If you want to

    use the embedded static key, skip to step 3.

    a. Generate a random key that meets the 256-bit Advanced Encryption

    Standard (AES-256).

    b. In the conf/vault folder, create a file called key.txt and copy the random

    key value to the file.

    3. Navigate to the tools folder and run the following command to encrypt the

    credentials file using the vault_encrypt_decrypt_tool.sh script:

    ./vault_encrypt_decrypt_tool.sh <deployment_configuration_folder>/

    otmm/conf/vault

    Note: The script checks the vault folder for the key.txt file. If the file is

    present, the custom encryption key is used. If the file is not present, the

    default embedded encryption key is used.

  • Jeremy Naylor
    Jeremy Naylor E Member
    #16

    No, the only reason you'd want to use the sec.txt file is if you wanted to do some custom encryption method other then the default. In most scenarios, the default is fine.

    1- Update sec.cfg with appropriate key/value pairs

    2- Ignore step 2 in documentation unless you want a custom encryption key

    3- run ./vault_encrypt_decrypt_tool.sh <deployment_configuration_folder>/otmm/conf/vault

    Jeremy Naylor
    Lead Quality Analyst | Engineering / XECM

  • Janakiraman_Rajaram
    Janakiraman_Rajaram
    #17

    fixed

Categories