Charm is in maintenance but does not recover #162
Comments
|
Would you be able to provide the juju debug-log for this unit? One thing that could be happening is that we run lego as a separate process and wait for it to complete, maybe the timeout mechanism is broken. |
|
@ghislainbourgeois prodstack cannot extract per app logs, they are empty. I can just run |
|
@beliaev-maksim in the |
|
let me in meantime update to the latest revision. but if you can look in parallel on what could happen, then it would be great |
|
@ghislainbourgeois if you can find something |
|
I'm pretty sure this issue was fixed when we moved to using the collect status event handler. In other words, if you refresh the charm you should be good to go. |
|
@ghislainbourgeois @gruyaume that is a UX disaster... |
|
Yes the charm won't show up as in error/blocked if it did not provide a certificate to a request. We are planning to add a field in the status to mention the number of certificate requests fulfilled (see #154) but the charm status itself will remain Active as it is functioning correctly. |
|
@gruyaume what could be done for the charm to re-request the certs ? I do not want to scale up/down every day |
|
This is already done on update status events, every 5min (or however long the update status is set of the model), the charm will look at the outstanding certificate requests and re-request. |
|
From what I investigated yesterday, the current version does not set the status to maintenance at all. So the previous issue should not reoccur. I think we can definitely improve the logging and what we set in the status. We also have some plans to get rid of the workload completely, making this charm k8s or machine agnostic, and it will also help us get more control on the certificate request process. |
|
I'm going to close this as the original issue was addressed. The charm status message item is tracked through issue #154 |
|
latest deployment |
|
Reopenning based on feedback from @beliaev-maksim |
|
@beliaev-maksim can you pleas include more information as to what the problem actually is. You mentioned having to scale up/down the charm but that's a workaround to a problem. What is the problem? Also can you please provide the following information
|
|
@gruyaume my workload requires TLS on the connection. I use combination of LEGO with nginx to do it. from juju status command all the workloads look to be green and active. However, after some time we start to receive an issue in production that requests fail due to self signed certificates. I assume something gets corrupted on LEGO and my workload switches to Kubernetes self signed certs. To recover proper certs I have to scale down and up the LEGO charm. That resolves the issue immediately. debug logs you can find in the comment above: #162 (comment) I cannot use jhack. That is ProdStack, I do not have sudo access to install external tools |
|
What is the workload that "switches to k8s self signed certs"? Could the issue be in that charm? |
|
looks like there were a bunch of TLS issues on nginx canonical/nginx-ingress-integrator-operator#137 |
|
close the issue for now, will reopen if observe certificate issues |
Bug Description
I have the charm deployed and sometimes it does go into unrecoverable maintenance mode. I assume there might be some issue with LEGO on our side and it feel like the charm does not retry, which leads to the case where my workload switches to K8s self signed certs.
then I have to run
to recover
can this be fixed?
To Reproduce
Environment
Relevant log output
Additional context
No response
The text was updated successfully, but these errors were encountered: