Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to decrypt the secret values from data store for rule. st2schedular not mounting "st2-encryption-key-vol" volume. #147

Closed
rahulshinde26 opened this issue Aug 11, 2020 · 4 comments · Fixed by #148
Closed

Unable to decrypt the secret values from data store for rule. st2schedular not mounting "st2-encryption-key-vol" volume. #147

rahulshinde26 opened this issue Aug 11, 2020 · 4 comments · Fixed by #148
Labels
bug Something isn't working

Comments

@rahulshinde26
Copy link
Contributor

Getting below error in st2 schedular when trying to access the secret from st2kv with decryptkv.

{
"error": "Failed to render parameter "password": [Errno 2] No such file or directory: '/etc/st2/keys/datastore_key.json'",
"traceback": " File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2reactor/rules/enforcer.py", line 201, in _invoke_action
additional_contexts=additional_contexts)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2reactor/rules/enforcer.py", line 83, in get_resolved_parameters
additional_contexts=additional_contexts)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/util/param.py", line 311, in render_live_params
context = _resolve_dependencies(G)
File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/util/param.py", line 228, in _resolve_dependencies
raise ParamException(msg)
"
}
@arm4b
Copy link
Member

arm4b commented Aug 11, 2020

Thanks for the report!

Can you provide the full unstripped log?
How did you find it’s happening in st2scheduler?

@rahulshinde26
Copy link
Contributor Author

rahulshinde26 commented Aug 12, 2020
edited
Loading

This is the only log I see on UI.

This was happening when I was trying to schedule a WF using intervaltimer for every 30 minutes.
If I execute action manually it works fine, but when triggered through the rule using intervaltimer, it results in above error.
I am passing the parameters to action using st2kv which are encrypted. Non- encrypted parameters are passed properly without any issue.
snapshot from enforcements:
snapshot

@rahulshinde26
Copy link
Contributor Author

rahulshinde26 commented Aug 12, 2020
edited
Loading

This is the rule i was creating. decrypt_kv is causing the error mentioned in this issue.

---
  name: "scheduler_rule"                     
  pack: "my_pack"                       
  description: "Calls my wf repeatitively every 10 minutes"       
  enabled: true                          
  trigger:
    type: "core.st2.CronTimer"
    parameters:
      timezone: "UTC"
      minute: 0/10
  action:                                
    ref: "my_pack.scheduler_master"
	parameters:
      host: "{{ st2kv.system.host }}"
      username: "{{ st2kv.system.username }}"
      password: "{{ st2kv.system.password | decrypt_kv }}"

@arm4b arm4b added bug Something isn't working and removed status:need more info labels Aug 12, 2020
@rahulshinde26 rahulshinde26 mentioned this issue Aug 12, 2020
Merged
@arm4b
Copy link
Member

arm4b commented Aug 12, 2020

Thanks for more details, this clarifies the issue very well now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

mounting datastore_crypto_key for scheduler deployment rahulshinde26/stackstorm-ha
2 participants
@arm4b @rahulshinde26