Help Getting Secrets-Bridge Running

gsurbey · August 23, 2016, 10:58pm

###Hello Rancher community, this is my first post here.

I’m trying to get the Rancher Secrets-Bridge software up and running in my Rancher test environment. I realize that it is an Experimental Proof Of Concept project, but I think it’s a really good solution to getting Rancher and Vault integrated. I’d like to work toward productionizing it.

I ran into a few issues along the way, figured those out, and so I submitted some pull requests to help towards development in the community.
https://github.com/rancher/secrets-bridge/pull/7
https://github.com/rancher/secrets-bridge/pull/8/

I noticed that cloudnautique is the maintainer of this repository and I was hoping to possibly grab his attention here so that he could merge the above pull requests and / or give me some feedback on if I can improve the pull requests such that they are good to be merged into upstream. Also, I noticed that the LICENSE file is empty at the moment. I don’t really mind so much what LICENSE is ultimately chosen for the project, but it would be good to have one in place in order to unambiguously govern community code submissions going forward.

###So, without further ado, here is the current blocker that is preventing me from getting Secrets-Bridge running

####This is the log output from secrets bridge agent

8/22/2016 9:43:41 PMtime="2016-08-23T01:43:41Z" level=info msg="Entering event listening Loop"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Received action: start, from container: 6cb9186a9516446e16c2a4f163e651133a1ab5e33570e34a3a8e71d678782248"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Received: r-ubuntu as a container name"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Using: ubuntu as a container name"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="UUID: 32239359-d8be-44c0-8091-2222a2279e74 found"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Packaged Message: &agent.ContainerEventMessage{Event:(*events.Message)(0xc4201b5480), UUID:\"32239359-d8be-44c0-8091-2222a2279e74\", Action:\"start\", Host:\"fb22d217dae8\", ContainerType:\"cattle\"}"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="UUID: a9d77952-b726-48af-a842-9636a3d671d8"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Time: 1471916675"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="hmac: 6d8c10289849a164522bffaebf6a147212857faa26b77ce05263875deda5ba41"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=fatal msg="Error: Post http://172.16.1.50:8181/v1/message: EOF"

####This the log output from secrets bridge server

8/22/2016 9:43:39 PMtime="2016-08-23T01:43:39Z" level=info msg="Listening on port: 8181"
8/22/2016 9:43:39 PMtime="2016-08-23T01:43:39Z" level=debug msg="Scheduling refresh timer for: 256782"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="UUID: a9d77952-b726-48af-a842-9636a3d671d8"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Timestamp: 1471916675"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="HMAC: 6d8c10289849a164522bffaebf6a147212857faa26b77ce05263875deda5ba41"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Received start event for container UUID: 32239359-d8be-44c0-8091-2222a2279e74"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=info msg="Verifing: 32239359-d8be-44c0-8091-2222a2279e74"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Verifing: start"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Verifing: fb22d217dae8"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Verifing: cattle"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="rancher ext id: 6cb9186a9516446e16c2a4f163e651133a1ab5e33570e34a3a8e71d678782248 for eventId: 6cb9186a9516446e16c2a4f163e651133a1ab5e33570e34a3a8e71d678782248"
8/22/2016 9:44:35 PMtime="2016-08-23T01:44:35Z" level=debug msg="Is Verified? true"
8/22/2016 9:44:35 PM2016/08/23 01:44:35 http: panic serving 172.17.0.1:57660: runtime error: invalid memory address or nil pointer dereference
8/22/2016 9:44:35 PMgoroutine 42 [running]:
8/22/2016 9:44:35 PMnet/http.(*conn).serve.func1(0xc42000ec00)
8/22/2016 9:44:35 PM    /usr/local/go/src/net/http/server.go:1491 +0x12a
8/22/2016 9:44:35 PMpanic(0x8db6e0, 0xc420018040)
8/22/2016 9:44:35 PM    /usr/local/go/src/runtime/panic.go:458 +0x243
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/verifier.getStackFromService(0xc420082400, 0x0, 0x0, 0x0, 0x0)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/verifier/utils.go:27 +0x58
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/verifier.(*RancherVerifiedResponse).PrepareResponse(0xc4203cd980, 0xc420010b01, 0xc420110000, 0xc420082400, 0xc42012b5d4, 0x9)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/verifier/rancherResponse.go:15 +0x69
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/verifier.(*RancherVerifier).Verify(0xc420026000, 0xc420010be0, 0x1, 0xc42012a720, 0xc420010c30, 0x4d)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/verifier/client.go:77 +0x45d
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/bridge.ContainerStart(0xdb20c0, 0xc4201bd6c0, 0xc420010be0, 0x1, 0x1)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/bridge/server.go:147 +0x57
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/bridge.messageHandler(0xdb20c0, 0xc4201bd6c0, 0xc4200b2c30)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/bridge/server.go:120 +0x286
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/bridge.tokenVerificationHandler(0xdb20c0, 0xc4201bd6c0, 0xc4200b2c30)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/bridge/server.go:91 +0x1d7
8/22/2016 9:44:35 PMnet/http.HandlerFunc.ServeHTTP(0x9a7af0, 0xdb20c0, 0xc4201bd6c0, 0xc4200b2c30)
8/22/2016 9:44:35 PM    /usr/local/go/src/net/http/server.go:1726 +0x44
8/22/2016 9:44:35 PMgithub.com/rancher/secrets-bridge/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc4200109b0, 0xdb20c0, 0xc4201bd6c0, 0xc4200b2c30)
8/22/2016 9:44:35 PM    /root/go/src/github.com/rancher/secrets-bridge/vendor/github.com/gorilla/mux/mux.go:107 +0x104
8/22/2016 9:44:35 PMnet/http.serverHandler.ServeHTTP(0xc42000eb80, 0xdb20c0, 0xc4201bd6c0, 0xc4200b2c30)
8/22/2016 9:44:35 PM    /usr/local/go/src/net/http/server.go:2202 +0x7d
8/22/2016 9:44:35 PMnet/http.(*conn).serve(0xc42000ec00, 0xdb2900, 0xc4201cf1c0)
8/22/2016 9:44:35 PM    /usr/local/go/src/net/http/server.go:1579 +0x4b7
8/22/2016 9:44:35 PMcreated by net/http.(*Server).Serve
8/22/2016 9:44:35 PM    /usr/local/go/src/net/http/server.go:2293 +0x44d

Any help towards debugging the error message above would be greatly appreciated. Maybe the way I have Rancher networking configured for both secrets-bridge agent and secrets-bridge server has to do with it?

By the way, please do post if you currently have Secrets-Bridge running correctly in your environment; I would very much like to receive tips and pointers. Is anyone else out there using this software? Thanks!

gsurbey · September 2, 2016, 9:06pm

I resolved the error described above via this pull request:
github(dot)com/rancher/secrets-bridge/pull/9

I had to obfuscate the above URL because the of the bad default form posting policy on this site that doesn’t let new forum users post more than two links per a thread… I mean, how can anyone describe anything nowadays without providing links? I’d be happier if I had to fill out a CAPTCHA for every single URL, or something alternative like that. But anyway…

Topic		Replies	Views
Secrets architecture Rancher 1.x	0	766	November 18, 2016
It would be cool to save some setting in a vault per environment Rancher 1.x	4	1203	June 10, 2016
Rancher secrets Rancher 2.x	2	547	July 26, 2019
Set secrets backend to Vault programatically? Rancher 1.x	0	614	April 17, 2018
Support for Secrets in Rancher 2.0	3	1352	May 21, 2018

Help Getting Secrets-Bridge Running

Related Topics