Solved

IFS Cloud 21R2 Service Update 6 MT installation issue

  • 31 July 2022
  • 9 replies
  • 576 views

Badge +5

Hi Guys,

When we try to install the Middle tier we get the below error,

Error: execution error at (ifs-cloud/charts/ifscore/templates/secrets.yaml:12:18): Value for tls.cert is required
helm.go:94: [debug] execution error at (ifs-cloud/charts/ifscore/templates/secrets.yaml:12:18): Value for tls.cert is required
SEVERE: Failed to install ifs-cloud

When we try to import the self signed certificate to the keystore it’s throwing an keystore password error.
 


Does anyone has the same issue when doing a fresh install of the middle tier?

icon

Best answer by Charith Epitawatta 3 August 2022, 20:36

View original

9 replies

Userlevel 7
Badge +31

Hi @HGTDAVIDS,

Could you show how you have specified the certificateFile parameter in your ifscloud-values.yaml file? Make sure you have specified the full path to the file, including the file name. 

Eg:c:\path\to\yourcert.pfx

 

If you need a self-signed certificate, what you need to do is NOT specify a certificate file in ifscloud-values.yaml file. Then the installer will automatically generate a certificate. Have a look at the installation parameters documentation here:

https://docs.ifs.com/techdocs/21r2/020_installation/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#general-parameters

Hope this helps!

Badge +5

Hi @Charith Epitawatta ,

Thank you for your prompt response on this. 

I did try the way you told me to have a self signed certificate. This time I got a different error. 

[Mon Aug 01 13:18:42 UTC 2022] - WARNING: Generating self-signed certificate. This will not be persisted.
[Mon Aug 01 13:18:44 UTC 2022] - SEVERE: Unable to handle certificates. java.io.FileNotFoundException: C:\IFS\ifsroot\deliveries\buildhome\ifsinstaller\ifscloudKS.pfx (The system cannot find the file specified)

I couldn’t find a ifscloudKS.pfx in that mentioned location.

The small change I did was when I was running the main.ps1 file initially I didn’t have the ifscloud-value.yaml file. without having that file I was able to run the main.ps1 and then the installer.cmd for database objects deployment (ex: action=dbinstaller). 

I reran the main.ps1 now with ifscloud-value.yaml file but I had empty value for certificateFile parameter, because I read somewhere that the ifscloud-values.yaml file should be there when running the management server preparation. Then I didn’t rerun the database objects deployment I straightaway ran the installer.cmd for middle tier installation. 

Eg: installer.cmd --set action=mtinstaller  --values C:\IFS\ifsroot\config\ifscloud-values.yaml

Please note I’m installing the IFS Cloud 21R2 Service Update 6 fresh installation. According to the docs the main.ps1 will handle all the server preparation for the management server. Please let me know if there are any other steps I’m missing in the middle during the installation.

Thanks in advance!

Userlevel 7
Badge +31

Hi @HGTDAVIDS,

So it seems you are not getting the error you were getting earlier. 

[Mon Aug 01 13:18:42 UTC 2022] - WARNING: Generating self-signed certificate. This will not be persisted.
[Mon Aug 01 13:18:44 UTC 2022] - SEVERE: Unable to handle certificates. java.io.FileNotFoundException: C:\IFS\ifsroot\deliveries\buildhome\ifsinstaller\ifscloudKS.pfx (The system cannot find the file specified)
 

The first one is a warning and makes sense, since you are attempting to use a self-signed certificate. Every time the installer is run, a new certificate will be generated, which must be why it is saying “This will not be persisted”

I am not familiar with the second one. Could you check if you have duplicate entries for certificate file in your ifscloud-values.yaml file? I checked in one of our internal environments and there is no certificate file in the mentioned location of that environment either. 

The way you run the installer seems correct, but doublecheck whether the solutionset.yaml file is in the correct location as mentioned here:

https://docs.ifs.com/techdocs/22r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/060_deploy_middle_tier/

If you still can’t get the issue resolved, it would be better to open a case as I feel this would require some hands on investigation. 

Hope this helps!

Badge +5

Hi @HGTDAVIDS,

So it seems you are not getting the error you were getting earlier. 

[Mon Aug 01 13:18:42 UTC 2022] - WARNING: Generating self-signed certificate. This will not be persisted.
[Mon Aug 01 13:18:44 UTC 2022] - SEVERE: Unable to handle certificates. java.io.FileNotFoundException: C:\IFS\ifsroot\deliveries\buildhome\ifsinstaller\ifscloudKS.pfx (The system cannot find the file specified)
 

The first one is a warning and makes sense, since you are attempting to use a self-signed certificate. Every time the installer is run, a new certificate will be generated, which must be why it is saying “This will not be persisted”

I am not familiar with the second one. Could you check if you have duplicate entries for certificate file in your ifscloud-values.yaml file? I checked in one of our internal environments and there is no certificate file in the mentioned location of that environment either. 

The way you run the installer seems correct, but doublecheck whether the solutionset.yaml file is in the correct location as mentioned here:

https://docs.ifs.com/techdocs/22r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/060_deploy_middle_tier/

If you still can’t get the issue resolved, it would be better to open a case as I feel this would require some hands on investigation. 

Hope this helps!

Hi @Charith Epitawatta,

I don’t have my solution.yaml file will that be the issue here. Also could you please let me know where should I be getting the solution.yaml file (its not inside build home), if not I could create a dummy one with only few components enabled. I do not know where to download it from the build place.

Please send me how to leave the certificateFile parameter blank. I just cleared the value for it and saved it. Or else should completely comment out the parameter itself? If that makes any difference in the progress.

Thanks in advance!

Badge +5

Hi @Charith Epitawatta 

We created a self signed certificate through open-ssl and tried to install the middle tier and now we get a different error.

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "10.152.183.1")

Are you familiar with the above error? We created the self signed certificate through the below commands,

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout <Cert_Name>.key -out <Cert_Name>.crt

Convert to .pfx:

openssl pkcs12 -export -out <Cert_Name>.pfx -inkey <Cert_Name>.key -in <Cert_Name>.crt

Thanks in advance!

Userlevel 7
Badge +31

Hi @HGTDAVIDS,

Hi @Charith Epitawatta,

I don’t have my solution.yaml file will that be the issue here. Also could you please let me know where should I be getting the solution.yaml file (its not inside build home), if not I could create a dummy one with only few components enabled. I do not know where to download it from the build place.
 

Sorry about the late response. You do need the solutionset.yaml file. According to this documentation.

Excerpt from the documentation:

The installer will by default read the solutionset.yaml from the ifsinstaller folder in the build_home or the delivery. The installer will use the solutionset.yaml to determine which containers to deploy in middle tier. If the installer is not fed with a solutionset.yaml (or can't find it in ifsinstaller folder) it assumes all components are active and will deploy all available containers.

Therefore you need to place the solutionset.yaml file in ifsinstaller folder or specify it in the command line when running the installer. 

To my knowledge, and according to the documentation, you should be able to find the solutionset.yaml file in your customer solution repository, under the fndbas component. You can access your customer solution repository from your build place. 

Try the installation again with the solutionset.yaml file so that only the necessary components will be installed. 

Please send me how to leave the certificateFile parameter blank. I just cleared the value for it and saved it. Or else should completely comment out the parameter itself?

I think you can just comment out both certificateFile and certificatePassword parameters as they are not mandatory according to the documentation as well. 

Hope this helps!

Badge +5

Hi @Charith Epitawatta 

Thank you for the guidance. That worked for us but I just have a small question after successfully installing IFS Cloud through installer.cmd, I still can’t access the application through system URL given in the ifscloud-values.yaml file.

Am I missing anything here, according to the docs.ifs.com once the installer.cmd runs successfully we should be able to access the landing page through the system URL given, but it is not working for us.

Thanks in advance! 

Badge +5

Hi @Charith Epitawatta 

I configured the application instance on a very minimum level with only 2 OData containers, but still they are in pending state. I believe because of this only we cannot access the instance by the URL configured. 
 


Please instruct us if you have any input on this. Else please loop in any expert on this area.

Thanks in advance!

Badge +5

Hi @Charith Epitawatta 

I configured the application instance on a very minimum level with only 2 OData containers, but still they are in pending state. I believe because of this only we cannot access the instance by the URL configured. 
 


Please instruct us if you have any input on this. Else please loop in any expert on this area.

Thanks in advance!



It was due to Linux box didn’t have enough CPU to run the containers, once we scaled it up we were able to bring the pods running. Now the system URL page is not loading but it should be a different issue related to network layer. We will work on that.

Thank you @Charith Epitawatta for your continuous support on this.

Reply