X-Road Security Server sidecar is a Docker container that is intended to be installed as a sidecar next to the consumer information system.
License: MIT License
After starting docker image niis/xroad-security-server-sidecar:7.2.2-slim
Failed to read instance identifier from /etc/xroad/globalconf/instance-identifier
java.io.FileNotFoundException: /etc/xroad/globalconf/instance-identifier (No such file or directory)
/etc/xroad/globalconf/ is empty
Got the error showed down below while trying to configure The X-Road Security Server Sidecar on a Kubernetes Cluster after deploy.
The error occurred while I was creating the authentication keys.
I'm using the following set-up:
niis/xroad-security-server-sidecar:6.25.0-primary and niis/xroad-security-server-sidecar:6.25.0-secondaryv1.24.9I've tried looking for the error with the error code but no luck with that. Please, help.
I'm trying to follow the k8s example using 6.26.0 version of the sidecar with primary and secondary containers. Ran into a couple of issues:
/var/log/postgresql/postgresql-12-main.log:2021-11-05 07:44:00.588 UTC [67] LOG: starting PostgreSQL 12.7...
...
2021-11-05 07:44:00.607 UTC [68] LOG: database system was shut down at 2021-07-01 15:01:33 UTC
2021-11-05 07:44:00.612 UTC [67] LOG: database system is ready to accept connections
...
2021-11-05 07:44:03.477 UTC [150] serverconf@serverconf FATAL: password authentication failed for user "serverconf"
2021-11-05 07:44:03.477 UTC [150] serverconf@serverconf DETAIL: Role "serverconf" does not exist.
...
2021-11-05 07:44:05.414 UTC [213] serverconf_admin@serverconf ERROR: relation "serverconf.databasechangeloglock" does not exist at character 22
2021-11-05 07:44:05.414 UTC [213] serverconf_admin@serverconf STATEMENT: select count(*) from serverconf.databasechangeloglock
...
2021-11-05 07:44:13.290 UTC [67] LOG: received fast shutdown request
2021-11-05 07:44:13.291 UTC [67] LOG: aborting any active transactions
2021-11-05 07:44:13.293 UTC [67] LOG: background worker "logical replication launcher" (PID 74) exited with exit code 1
2021-11-05 07:44:13.293 UTC [69] LOG: shutting down
2021-11-05 07:44:13.348 UTC [67] LOG: database system is shut down
I can see the exact same log entries dated 2021-07-01, which is most likely the day the image was built.
${XROAD_DATABASE_NAME}_admin is expected. Is this mentioned anywhere in the documentation?Creating admin user with user-supplied credentials
Configuring groups
xroad-securityserver-observer
bash: -c: line 0: unexpected EOF while looking for matching `"'
bash: -c: line 1: syntax error: unexpected end of file
Any idea why this is happening?
We're seeing intermittent OutOfMemoryErrors in the sidecar (secondary). The container is deployed in Kubernetes and the Pod has 4G memory allocated - usage is around 2,5G so the Pod should have enough resources.
How do we increase memory for the individual container processes?
Hi,
TLDR; The security sever is unable to configure users and roles etc when using remote db.
I am following the instructions here https://github.com/nordic-institute/X-Road-Security-Server-sidecar/blob/master/doc/security_server_sidecar_user_guide.md#25-using-an-external-database to connect to a containerised instance of postgres.
I am using docker compose and here is my configuration.
version: "3.3"
services:
# other services
# ...
xroad-security-server:
image: niis/xroad-security-server-sidecar:7.2.2-ee
# restart: always
container_name: xroad-security-server
ports:
- 4000:4000
- 5588:5588
- 8443:8443
- 5500:5500
- 5577:5577
environment:
XROAD_TOKEN_PIN: ${XROAD_TOKEN_PIN}
XROAD_ADMIN_USER: ${XROAD_ADMIN_USER}
XROAD_ADMIN_PASSWORD: ${XROAD_ADMIN_PASSWORD}
XROAD_DB_HOST: xroad-postgres
XROAD_DB_PASSWORD: ${XROAD_DB_PASSWORD}
XROAD_LOG_LEVEL: INFO
depends_on:
- xroad-postgres
xroad-postgres:
image: postgres:12
restart: always
container_name: xroad-postgres
volumes:
- xroad-db-volume:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${XROAD_DB_PASSWORD}
volumes:
xroad-db-volume:
name: xroad-db-data
Environment variables in the compose config are provided in a separate .env file. After running docker compose up -d, I checked the logs of both containers and saw the following errors.
xroad-security-server container logs:
2023-05-07T10:49:58+00:00 INFO [entrypoint] Starting X-Road Security Server version 7.2.2-1.ubuntu20.04
2023-05-07T10:49:58+00:00 INFO [entrypoint] Creating admin user with user-supplied credentials
2023-05-07T10:49:58+00:00 INFO [entrypoint] Generating new internal TLS key and certificate
Generating a RSA private key
...........+++++
.......................................................+++++
writing new private key to '/etc/xroad/ssl/internal.key'
-----
2023-05-07T10:49:59+00:00 INFO [entrypoint] Generating new SSL key and certificate for the admin UI
Generating a RSA private key
........................................................................................+++++
...............................+++++
writing new private key to '/etc/xroad/ssl/proxy-ui-api.key'
-----
2023-05-07T10:49:59+00:00 INFO [entrypoint] Creating serverconf database and properties file
2023-05-07T10:49:59+00:00 INFO [entrypoint] Using remote database xroad-postgres:5432
2023-05-07T10:49:59+00:00 INFO [entrypoint] Waiting for the database to become available...
2023-05-07T10:49:59+00:00 INFO [entrypoint] Reconfiguring packages
Configuring groups
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'serverconf' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'messagelog' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
psql: error: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Creating database 'op-monitor' on 'xroad-postgres:5432' failed, please check database availability and configuration in /etc/xroad/db.properties and /etc/xroad/xroad.properties
2023-05-07 10:50:04,280 INFO Included extra file "/etc/supervisor/conf.d/xroad.conf" during parsing
2023-05-07 10:50:04,281 INFO Set uid to user 0 succeeded
2023-05-07 10:50:04,291 INFO RPC interface 'supervisor' initialized
2023-05-07 10:50:04,292 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2023-05-07 10:50:04,292 INFO supervisord started with pid 1
xroad-postgres container logs:
2023-05-07 10:49:59.816 UTC [129] FATAL: password authentication failed for user "root"
2023-05-07 10:49:59.816 UTC [129] DETAIL: Role "root" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:01.534 UTC [130] FATAL: password authentication failed for user "serverconf"
2023-05-07 10:50:01.534 UTC [130] DETAIL: Role "serverconf" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:02.543 UTC [131] FATAL: password authentication failed for user "messagelog"
2023-05-07 10:50:02.543 UTC [131] DETAIL: Role "messagelog" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
2023-05-07 10:50:03.526 UTC [132] FATAL: password authentication failed for user "opmonitor"
2023-05-07 10:50:03.526 UTC [132] DETAIL: Role "opmonitor" does not exist.
Connection matched pg_hba.conf line 99: "host all all all md5"
As per my understanding, security server should be able to use the remote db with the config above but it seems unable to do so. Am I missing something here?
Any input is appreciated because I can't move forward with security server installation until this is resolved. Thanks.
I'm trying to run this (niis/xroad-security-server-sidecar:7.2.2-ee) on AWS ECS with Fargate launch type. Looks like it manages to apply the migrations but then it fails to connect to the database, not sure what is wrong here or how should I approach this issue?
Logs are available from here:
https://gist.github.com/v3rm0n/6f5b55e7f61c9acd48c042b8ef1ea364
Automatic Backup feature is not working unless the cron daemon is manually started inside docker container or cron section is manually added to supervisor config.
Temporary fix was to create a copy of the /etc/supervisor/conf.d/xroad.conf, add the section for cron and mount the file as a volume.
[program:cron]
command = cron -f -L 15
autostart=true
autorestart=true
The problem is present on at least the following docker images:
niis/xroad-security-server-sidecar:7.1.1
niis/xroad-security-server:focal-7.1.0
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.