IBM Support

IBM Maximo Application Suite 8.3 - After installation of Behavior Analytics Services the Proxy pod having errors

Troubleshooting


Problem

 After installation of Behavior Analytics Services the Proxy pod is showing errors:
NAME                                    READY           STATUS                 RESTARTS        AGE
......
simple-reverse-proxy-xxxxxx-xxxxxxx     0/1             CrashLoopBackOff       313             26h4
......
And in proxy pod logs we can see:
[root@ibmserver mas-bas]# oc logs -f simple-reverse-proxy-xxxxxx-xxxxxxxx
2021/04/01 23:06:55 [emerg] 14#0: cannot load certificate "/etc/nginx/private/tls.crt": 

PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

nginx: [emerg] cannot load certificate "/etc/nginx/private/tls.crt": PEM_read_bio_X509_AUX() failed SSL:error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Cause

The reason why the error occurs is because the certificate and key in the "mtls-proxy-secret" secret are missing the begging and ending lines:
Example:
tls.crt should start and end with:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----



tls.key should start and end with:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

Diagnosing The Problem

The error message suggests that the certificates used by the nginx server cannot be loaded because the certificates do not have the expected starting line:
nginx: [emerg] cannot load certificate "/etc/nginx/private/tls.crt": PEM_read_bio_X509_AUX() failed SSL:error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Resolving The Problem

Add -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- for tls.crt and tls.key and re-create the "mtls-proxy-secret" secret. Afterward delete the simple-reverse-proxy to pick up and use the new configuration.
For example, the mtls-proxy-secret.yml file:
kind: Secret
apiVersion: v1
metadata:
  name: mtls-proxy-secret
  namespace: mas-bas
  selfLink: /api/v1/namespaces/mas-bas/secrets/mtls-proxy-secret
  uid:xxxxxxxxxxxxx
  resourceVersion: '3043256'
  creationTimestamp: '2021-03-31T20:02:56Z'
  managedFields:
    - manager: axios
      operation: Update
      apiVersion: v1
      time: '2021-03-31T20:02:56Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:data':
          .: {}
          'f:tls.crt': {}
          'f:tls.key': {}
        'f:type': {}
data:
  tls.crt: >-
-----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
  tls.key: >-
-----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
type: kubernetes.io/tls
Steps:
> oc login
> oc delete secret mtls-proxy-secret -n mas-bas
> oc apply -f mtls-proxy-secret.yml
> oc delete pod simple-reverse-proxy-xxxxxxxx-xxxx

Document Location

Worldwide

[{"Type":"SW","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000GoLBAA0","label":"Maximo Application Suite->Installation"}],"ARM Case Number":"TS005345222","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.3.0"}]

Document Information

Modified date:
09 April 2021

UID

ibm16441687

Page Feedback