Giters

siderolabs / omni

SaaS-simple deployment of Kubernetes - on your own hardware.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[bug] cannot run omni on arm64 with boltdb

bernardgut opened this issue · comments

commented

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I am getting the following :

Flag --siderolink-api-cert has been deprecated, deprecated, use --machine-api-cert
Flag --siderolink-api-key has been deprecated, deprecated, use --machine-api-key
Flag --siderolink-api-bind-addr has been deprecated, --deprecated, use --machine-api-bind-addr
{"level":"info","ts":1711268657.7738287,"caller":"omni/main.go:111","msg":"starting Omni","version":"latest"}
{"level":"info","ts":1711268657.780322,"caller":"omni/state_boltdb.go:74","msg":"moved existing boltdb file","src":"_out/secondary-storage/bolt.db","dst":"_out/secondary-storage/bolt.db.old"}
{"level":"info","ts":1711268657.7906199,"caller":"omni/state_boltdb.go:95","msg":"compacted BoltDB","src":"_out/secondary-storage/bolt.db.old","dst":"_out/secondary-storage/bolt.db"}
{"level":"info","ts":1711268657.7910151,"caller":"omni/state_boltdb.go:105","msg":"removed old BoltDB file after compaction","path":"_out/secondary-storage/bolt.db.old"}
{"level":"info","ts":1711268657.9535291,"caller":"migration/migrations.go:996","msg":"migrated siderolink counters","component":"migration","migration":"siderolinkCounters","count":0}
{"level":"info","ts":1711268657.9757938,"caller":"auth/config.go:74","msg":"created Config resource","resource":"auth-config","auth0":{"Domain":"","ClientID":"","Enabled":false},"webauthn":{"Enabled":false,"Required":false},"saml":{"LabelRules":null,"URL":"https://auth.<tld>/realms/omni/.well-known/openid-configuration","Metadata":"","Enabled":true}}
{"level":"info","ts":1711268657.9810336,"caller":"features/features.go:54","msg":"created features config resource","enable_workload_proxying":true}
{"level":"info","ts":1711268657.9810946,"caller":"backend/proxy_server.go:100","msg":"frontend handler disabled"}
{"level":"info","ts":1711268657.9833782,"caller":"omni/etcd_backup.go:104","msg":"etcd backups are enabled","component":"omni_runtime","controller":"EtcdBackupController","uploader":"s3 store: bucket \"\"","tick_interval":60}
{"level":"info","ts":1711268657.9843004,"caller":"omni/key_pruner.go:85","msg":"running key pruner","component":"omni_runtime","controller":"KeyPrunerController"}
{"level":"error","ts":1711268657.9855003,"caller":"rruntime/run.go:56","msg":"controller failed","component":"omni_runtime","controller":"ClusterMachineEncryptionController","error":"resource ConnectionParams.omni.sidero.dev(default/siderolink-config@undefined) doesn't exist"}
{"level":"error","ts":1711268658.3597581,"caller":"rruntime/run.go:56","msg":"controller failed","component":"omni_runtime","controller":"ClusterMachineEncryptionController","error":"resource ConnectionParams.omni.sidero.dev(default/siderolink-config@undefined) doesn't exist"}
{"level":"info","ts":1711268658.4454763,"caller":"keys/storage.go:180","msg":"generating new OIDC key","component":"server","component":"oidc_storage","key_id":"c0352270-e49d-46b6-98dc-040d0dee6ae4","expiration":"2034-05-21 08:24:18.445472775 +0000 UTC"}
{"level":"info","ts":1711268658.453395,"caller":"keys/storage.go:223","msg":"active OIDC public signing keys","component":"server","component":"oidc_storage","key_ids":["c0352270-e49d-46b6-98dc-040d0dee6ae4"]}
{"level":"info","ts":1711268658.4534574,"caller":"keys/storage.go:157","msg":"new OIDC signing key generated","component":"server","component":"oidc_storage","key_id":"c0352270-e49d-46b6-98dc-040d0dee6ae4"}
{"caller":"/go/pkg/mod/github.com/zitadel/oidc@v1.13.5/pkg/op/signer.go:83","level":"info","msg":"signer exchanged signing key","time":"2024-03-24T08:24:18Z"}
{"level":"error","ts":1711268658.4787617,"caller":"rruntime/run.go:56","msg":"controller failed","component":"omni_runtime","controller":"VersionsController","error":"database not open"}
Error: failed to run Omni: failed to run server: 403 Forbidden

Expected Behavior

omni starts without error

Steps To Reproduce

  1. set up keycloak and the other requirements using the upstream docs (i am using a wildcard cert for *.tld
  2. run the following
docker run \
  --net=host \
  --cap-add=NET_ADMIN \
  -v $PWD/etcd:/_out/etcd \
  -v $PWD/boltdb:/_out/secondary-storage \
  -v ./certs/tls.crt:/tls.crt \
  -v ./certs/tls.key:/tls.key \
  -v $PWD/omni.asc:/omni.asc \
  ghcr.io/siderolabs/omni:latest \
    --account-id=${OMNI_ACCOUNT_UUID} \
    --name=onprem-omni \
    --cert=/tls.crt \
    --key=/tls.key \
    --siderolink-api-cert=/tls.crt \
    --siderolink-api-key=/tls.key \
    --private-key-source=file:///omni.asc \
    --storage-kind=boltdb \
    --event-sink-port=8091 \
    --bind-addr=0.0.0.0:443 \
    --siderolink-api-bind-addr=0.0.0.0:8090 \
    --k8s-proxy-bind-addr=0.0.0.0:8100 \
    --advertised-api-url=https://<host.tld>/ \
    --siderolink-api-advertised-url=https://<host.tld>:8090/ \
    --siderolink-wireguard-advertised-addr=<hostIP>:50180 \
    --advertised-kubernetes-proxy-url=https://<host.tld>:8100/ \
    --auth-saml-enabled=true \
    --auth-saml-url=https://auth.<tld>/realms/omni/.well-known/openid-configuration

What browsers are you seeing the problem on?

No response

Anything else?

I am running this on a host that also a running an rke2 node (server)