SCIM 1.4.1 on Google Kubernetes Engine failed: http: TLS handshake error from 192.168.42.18:54485:

jfmarquis
Community Member

Hello,
I'm trying to deploy the SCIM bridge on GKE 1.14.10-gke.40.
Deployment is fine until I try to validate the domain. DNS is correctly resolved, but it seems that the system is unable to generate a certificate!
Log file:
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) welcome to the 1Password SCIM bridge, starting up...
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) using host op-scim-bridge-2-redis-svc for redis connection
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) starting to poll for component health reports
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) registering new component: 'RedisCache'
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) successfully connected to cache
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) configured to log to redis
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) registering new component: 'SetupServer'
[LOG] [1.4.1] 2020/06/15 13:17:17 (INFO) starting setup server on :8080
[LOG] [1.4.1] 2020/06/15 13:17:58 (INFO) Handling GET: /
[LOG] [1.4.1] 2020/06/15 13:17:58 (INFO) Handling GET: /static/main.css
[LOG] [1.4.1] 2020/06/15 13:17:58 (INFO) Handling GET: /static/img/scim-bridge.svg
[LOG] [1.4.1] 2020/06/15 13:17:58 (INFO) Handling GET: /static/main.js
[LOG] [1.4.1] 2020/06/15 13:17:58 (INFO) Handling GET: /static/img/healthy.svg
[LOG] [1.4.1] 2020/06/15 13:23:40 (INFO) Handling GET: /verify
[LOG] [1.4.1] 2020/06/15 13:23:40 (INFO) upgrading setup server to TLS
[LOG] [1.4.1] 2020/06/15 13:23:40 (INFO) registering new component: 'ChallengeServer'
[LOG] [1.4.1] 2020/06/15 13:23:40 (INFO) starting LetsEncrypt challenge server on :8080
[LOG] [1.4.1] 2020/06/15 13:23:40 (INFO) starting setup server on :8443
redicrypt: getting cert for key redicrypt/scimpub.data.adeo.cloud
redicrypt: getting cert for key redicrypt/acme_account+key
redicrypt: getting cert for key redicrypt/acme_account.key
redicrypt: writing cert for key redicrypt/acme_account+key
redicrypt: writing cert for key redicrypt/scimpub.data.adeo.cloud+token
redicrypt: writing cert for key redicrypt/_-8hewUf9veqB27mEiKCdo7FLSuvhwdHp43cgmoQH2o+http-01
redicrypt: writing cert for key redicrypt/scimpub.data.adeo.cloud
2020/06/15 13:23:46 http: TLS handshake error from 192.168.42.22:54580: remote error: tls: unknown certificate
What's wrong?



Comments

  • ag_ana
    1Password Alumni

    Hi @jfmarquis!

    We will be happy to help you with this. I noticed that you also sent us an email with the same question. So we don't duplicate the answers by replying to you in multiple places, we will take a look and someone will get back to your email as soon as possible.

    Thank you for your patience!

    ref: EZA-96481-478

  • jfmarquis
    Community Member

    Hello team,
    After deploying the SCIM bridge from the marketplace, the application has obtained a certificate from Let's Encrypt (very very long), but now I'm blocked with this error:
    Is there anything to do to correct it? Any missing scope?
    [LOG] [1.4.1] 2020/06/16 04:53:57 (INFO) Handling GET: /
    [LOG] [1.4.1] 2020/06/16 04:53:58 (INFO) Handling GET: /
    [LOG] [1.4.1] 2020/06/16 05:02:46 (INFO) Handling POST: /install
    [LOG] [1.4.1] 2020/06/16 05:02:46 (INFO) validating localAuth file
    [LOG] [1.4.1] 2020/06/16 05:02:46 (INFO) localAuth file valid, writing to disk, /secret/scimsession
    [LOG] [1.4.1] 2020/06/16 05:02:46 (ERROR) failed to WriteToPath: open /secret/scimsession: permission denied
    [LOG] [1.4.1] 2020/06/16 05:02:46 (INFO) 500 (Internal Server Error)
    Thanks for your help,
    we are blocked.



  • cohix
    1Password Alumni

    @jfmarquis This is an issue with the marketplace configuration used for v1.4.1; we're currently working on getting a fix submitted to Google for review. If you are able to use kubectl to downgrade your bridge to v1.3.1, that is a viable workaround, but otherwise please send an email to business@1password.com and your request will get routed to my team where we can provide you updates as to when a fixed version becomes available (should be within a day or two, depending on how long it takes to be accepted to the marketplace).

  • As a follow-up note @jfmarquis, v1.4.2 has been released to the GCP Kubernetes Marketplace and has fixed the permissions bug.

  • jfmarquis
    Community Member

    I confirm, great job.

  • ag_ana
    1Password Alumni

    Thank you for the update @jfmarquis! That's great to hear :)

This discussion has been closed.