Troubleshooting
Problem
After installation of Behavior Analytics Services the Proxy pod is showing errors:
NAME READY STATUS RESTARTS AGE
......
simple-reverse-proxy-xxxxxx-xxxxxxx 0/1 CrashLoopBackOff 313 26h4
......
And in proxy pod logs we can see:
[root@ibmserver mas-bas]# oc logs -f simple-reverse-proxy-xxxxxx-xxxxxxxx
2021/04/01 23:06:55 [emerg] 14#0: cannot load certificate "/etc/nginx/private/tls.crt":
PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/etc/nginx/private/tls.crt": PEM_read_bio_X509_AUX() failed SSL:error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
Cause
The error occurs because the certificate and key in the "mtls-proxy-secret" secret are missing their beginning and ending lines:
Example:
tls.crt should start and end with:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
tls.key should start and end with:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Diagnosing The Problem
The error message suggests that the certificates used by the nginx server cannot be loaded because the certificates do not have the expected starting line:
nginx: [emerg] cannot load certificate "/etc/nginx/private/tls.crt": PEM_read_bio_X509_AUX() failed SSL:error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
Resolving The Problem
Add the missing lines (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- for tls.crt; -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- for tls.key) and re-create the "mtls-proxy-secret" secret. Afterward, delete the simple-reverse-proxy pod so that it restarts with the new configuration.
For example, the mtls-proxy-secret.yml file:
kind: Secret
apiVersion: v1
metadata:
  name: mtls-proxy-secret
  namespace: mas-bas
  selfLink: /api/v1/namespaces/mas-bas/secrets/mtls-proxy-secret
  uid: xxxxxxxxxxxxx
  resourceVersion: '3043256'
  creationTimestamp: '2021-03-31T20:02:56Z'
  managedFields:
    - manager: axios
      operation: Update
      apiVersion: v1
      time: '2021-03-31T20:02:56Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:data':
          .: {}
          'f:tls.crt': {}
          'f:tls.key': {}
        'f:type': {}
# Each value must start and end with its own matching BEGIN/END line.
data:
  tls.crt: >-
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
  tls.key: >-
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
type: kubernetes.io/tls
Steps:
> oc login
> oc delete secret mtls-proxy-secret -n mas-bas
> oc apply -f mtls-proxy-secret.yml
> oc delete pod simple-reverse-proxy-xxxxxxxx-xxxx
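A pre-flight check for the framing described under Cause, to run on the tls.crt and tls.key files before the secret is re-created. This is an added example, not part of the IBM technote: the function names pem_label and check_tls_pair are hypothetical, and accepting the PKCS#8 "PRIVATE KEY" label goes beyond the page, which lists only RSA PRIVATE KEY.

```shell
#!/bin/sh
# Added example (not from the technote): check PEM framing of tls.crt and tls.key.
# The files can be pulled from the cluster into an existing directory first, e.g.
#   oc extract secret/mtls-proxy-secret -n mas-bas --to=./extracted

# pem_label FILE: print the PEM label if the first non-blank line is
# "-----BEGIN <label>-----" and the last is the matching "-----END <label>-----".
pem_label() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        NF { if (first == "") first = $0; last = $0 }
        END {
            if (first !~ /^-----BEGIN [A-Z0-9 ]+-----$/) exit 1
            label = substr(first, 12, length(first) - 16)
            if (last != "-----END " label "-----") exit 1
            print label
        }' "$1"
}

# check_tls_pair CRT KEY: return 0 only if both files are framed as expected.
check_tls_pair() {
    crt=$(pem_label "$1") || { echo "tls.crt: BEGIN/END lines missing or mismatched" >&2; return 1; }
    [ "$crt" = "CERTIFICATE" ] || { echo "tls.crt: unexpected label '$crt'" >&2; return 1; }
    key=$(pem_label "$2") || { echo "tls.key: BEGIN/END lines missing or mismatched" >&2; return 1; }
    case "$key" in
        "RSA PRIVATE KEY"|"PRIVATE KEY") ;;      # PKCS#1 (as on the page) or PKCS#8
        *) echo "tls.key: unexpected label '$key'" >&2; return 1 ;;
    esac
}

# Run as: sh check_pem.sh ./extracted/tls.crt ./extracted/tls.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2" && echo "PEM framing OK"
fi
```

The check covers framing only: a BEGIN line paired with a different END label is rejected, but the base64 body and whether the key belongs to the certificate are not verified.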
Document Location
Worldwide
Document Information
Modified date:
09 April 2021
UID
ibm16441687