-
Notifications
You must be signed in to change notification settings - Fork 447
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Artifactory single node won't start, claims join key is missing. #1917
Comments
Hello, same here..... Edit : Before on a working version ls /var/opt/jfrog/artifactory/etc/security
main.key join.key On latest version : ls /var/opt/jfrog/artifactory/etc/security
main.key We have thats logs in copy-system-configuration init container
So before we have both of those 2 key together in the same folder, but that change here |
@Momotoculteur which version did you have this working on before? We're facing the same issue |
@reespozzi for the moment we stay at 107.84.21 (helm chart) |
@Momotoculteur I installed chart version 107.84.21 (helm chart) and I am still getting the error Join key is missing. Could you please share the helm values file. I see the join key in the location var/bootstrap/access/etc/security/join.key but unable to find it here /opt/jfrog/router/var/etc/security |
Have you gotten to this version by gradually upgrading an existing installation or have you installed in from scratch at some point? It seems the problem lies with the bootstrap code which is only executed on a new installation, but is skipped when an existing installation is detected. The next thing we want to try is to copy the whole data volume and the database to the new installation prior to starting artifactory to avoid executing the bootstrap. I also want to read the bootstrap code to try to understand what might be going wrong. |
I wasn't able to find the bootstrap code in jfrog's github projects, I was looking for the error messages we are getting. |
I am facing the same issue. Although I copied join key to correct path via connecting the pod, it doesn't work. Do we really have to use master and join keys if we don't use HA? |
We did get this fully working in the end Most importantly, I don't think the join key or master key matter for the non-HA installation, but yes we had to supply them. We created secrets in AKS for both with identical values for We also saw this join key error when setting an admin password as a sealed secret but not having the format correct, the format is weird and expects this bootstrap.creds='[email protected]=Password' -- this article helped us move past it Please also note, if you see an error about Another note, because we deploy via flux and we have PVCs, we were often deleting these and letting them get rebuilt from scratch along with the artifactory deployment. I'm not sure exactly what's persisted to data storage in terms of keys, but if you're not bothered about your data in there, could be worth a fresh deployment once you define the keys yourself. I say this because at times when we tried to place a
We are doing a fresh install on 107.84.21 , haven't tried any other versions yet |
@reespozzi We did same deployment from scratch and it worked well. But for some reason if the pod restarted then it doesn't work again. Did you try to restart the pod anyway? |
We've restarted the pod, deleted the Helm Release etc and it all spins back up for us yes, we don't touch anything manually during the install, perhaps the error will show in artifactory container logs |
I'm not sure I can see what exactly in @reespozzi 's case solves the problem
|
found your configmap, it contains |
Of course if you're using postgres you won't set this to true - Maybe to clarify sorry, our pvc is for an azure managed disk, this is why we need the system.yaml change. Can you see errors in the artifactory container? This is where we saw it complaining about initialising our storage, maybe there's a postgres error in there for you config map is just general stuff for our config about repositories or security, probably could've been left out the conversation, not directly related to the secrets |
ok, we'll try to read through the logs again. For now we were focused on the messages about the join key, but if I understand you well it could be a false symptom of something else going wrong during the bootstrap. Thank you for sharing your insights! |
aha, you were correct @reespozzi , I have initially missed this warning:
so the error is in the database configuration. |
@artm ah nice, it's weird that seemingly all bootstrap / setup errors result in artifactory logs repeatedly spitting out join-key errors, and it's really misleading |
similar problem: #1823 we also first see succesful database configuration:
but later on:
... |
after installation from scratch and couple of restarts.
I have only updated as below in the value file:
previously
|
FYI: this also works for us on |
I still don't understand what exactly goes wrong. We clean up the database between installation attempts and eventually it gets filled with 90 tables, so the setup process is able to connect to and use the database. Sounds like the Database connection check failed Could not determine database type is another red herring. |
We have tried to start the new instance with the copy of the data volume from the existing installation, but we still get Cluster join: Join key is missing. Pending for 5 seconds with 60 seconds timeout and no ready artifactory. Right before that error we see:
could this be the actual error that causes bootstrap to go wrong? |
Hi @artm I reviewed this thread and I have some ideas what might happen. When Artifactory Service (jfrt) is printing the following log line: Following Artifactory 7.90 we separated Access to a different container (see Individual JVM for Access Service In some clusters, you might need to add Resource Request/Limit per container, in order to provide a container more resources then the default (which might not be enough) - Can you confirm you have some default resources per container in your cluster? You can also investigate access-service.log to see if the Access service behave as expected (up and running) while jfrt is trying to reach out and resolve the Join Key. Thanks! |
I found a solution that worked for me and hopefully, it can help you as well. Here's what I did:
Delete the access_db_check data: Reinstall Artifactory: |
I have |
FIxed this issue by activate following jfrog uService : jfConnect, metadata, access (the most important) |
Is this a request for help?: yes
Is this a BUG REPORT or
FEATURE REQUEST? (choose one): BUG REPORTVersion of Helm and Kubernetes: helm 3.12.0, RKE2 kubernetes 1.28.10+rke2r1
Which chart: artifactory, 107.90.9
Which product license (Enterprise/Pro/oss): Pro
JFrog support reference (if already raised with support team): -
What happened: While deploying artifactory to a new cluster, we are unable to get it running with the helm chart configuration as close to the running version as possible.
This is the initial installation of artifactory on these cluster, an older installation is running on a different cluster with older kubernetes and slightly different configuration.
We tried to install the same version of the chart as on the old cluster (107.59.18) and several version between that and the latest one.
One difference between the two installation is that we use builtin postgresql on the old cluster and external postgresql cluster on the new one.
What you expected to happen: artifactory starts.
How to reproduce it (as minimally and precisely as possible):
helm override file:
the rest of the configuration is probably irrelevant for the problem, but here it is for completeness:
with a kubernetes secret
artifactory-config
with the fieldsadmin-password
,license-key
,master-key
andjoin-key
.I'm not sure about
unifiedSecretInstallation
, but we tried bothtrue
andfalse
.Anything else we need to know:
the last error complete:
let us know if you need more information.
The text was updated successfully, but these errors were encountered: