[clusterissuer] certificate authority input validation fails after update to dragonfish with custom certificate authority about charts HOT 4 CLOSED

Please follow this
https://ixsystems.atlassian.net/browse/NAS-128590

from charts.

Hence the linked issue I’ve asked you to follow is reopened.

from charts.

@stavros-k Thanks for pointing me to that. This still seems to be a bug with the chart or something on iX's side, the max_length in the clusterissuer chart is 10240, but I'm still seeing the validation error. This is also new after Dragonfish, but the commit to update in the clusterissuer chart that changes the length to 10240 is over a year old, so I think something new is broken. Or did you mean that I should follow up on iX's bug tracker?

from charts.

Just for anybody who hits this issue, upstream has pushed a patch but it'll probably be a while before it makes it into a release. This is a show-stopper for me causing all sorts of problems, but I wasn't super keen to switch to the nightly release train, so I manually backported the fix and it's working. Beware that editing requires unsetting readonly on the system volume, so this is probably risky, but if you want a quick solution that works for now...

As root/sudo:

• zfs set readonly=off boot-pool/ROOT/24.04.0/usr
• edit /usr/lib/python3/dist-packages/middlewared/plugins/chart_releases_linux/schema.py and make these changes.
• zfs set readonly=on boot-pool/ROOT/24.04.0/usr
• systemctl restart middlewared (or reboot)

Again be warned that this is risky, maybe down the line I'll pay if there is some issue with editing the filesystem when it comes time to update but I know how to work around it, ymmv.

from charts.