Issue in code
Closed this issue · 8 comments
Hello,
I'm trying to run code and getting below error in all scripts. Even in a manual entry on PS.
az container create --resource-group "aci-hxe-rg" --name "aci-hxe-instance" --image "registry-1.docker.io/store/saplabs/hanaexpress:2.00.040.00.20190729.1"
--os-type Linux --cpu 4 --memory 14 --dns-name-label "aci-hxe-instance" --ip-address public --ports 39013 39015 39017 39041 59013 --registry-login-server "registry-1.docker.io" --registry-username "xxxxxxxxxxx
--registry-password 'xxxxxxxxxxxxxxxxx' --azure-file-volume-share-name 'hxe-config' --azure-file-volume-account-name 'xxxxxxxxxxxxxxxxx'
--azure-file-volume-mount-path /hana/hxeconfig"_
ValidationError: The image 'registry-1.docker.io/store/saplabs/hanaexpress:2.00.040.00.20190729.1' in container group 'aci-hxe-instance' is not accessible. Please check the image and registry credential.
PS /home/xxx>
P.S - I am using the latest Hana express image now. (tried with your ver. earlier)
Please help!
@amitlalaawaz I just tried it with my credentials and the following parameters:
--registry-login-server "registry-1.docker.io"--image "registry-1.docker.io/store/saplabs/hanaexpress:2.00.045.00.20200121.1"
Deployment was successful.
Thanks for your response. Still getting issue even after changing to the latest image I'm getting the same issue -
Properly check your Docker credentials once again. Otherwise open an Azure support ticket.
I did it several times. Docker account looks perfect. I am going to open Azure ticket.
But even I tried creating manually with ACI, it get terminated in a min. due to no password.json file path not found.
Do you think any permission etc. required on top of it? Thanks again!
@amitlalaawaz I guess I found the issue.
The conversion back from a SecureString to String must be changed in the past two years. So, the password is not complete and thus fails to authenticate.
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($credential.Password)
$dockerPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
@amitlalaawaz Fixed it. Please try again -> https://github.com/neumanndaniel/kubernetes/blob/master/hxe-aci/deploy_HXE_ACI.ps1
@amitlalaawaz The script works again.
Regarding your question with password.json not found. Once HXE boots up and downloads the password file it will delete it. When ACI restarts it cannot find the password.json again as it was deleted during the first HXE boot.
Downloading password file from file:///hana/hxeconfig/masterPassword.json (parameters: --max-time 30 --insecure) ...
...
Deleting local password file: /hana/hxeconfig/masterPassword.json
======== Starting HANA container run script ========
Started at: Tue Oct 13 21:50:38 UTC 2020
Script parameters: --agree-to-sap-license --dont-check-system --passwords-url file:///hana/hxeconfig/masterPassword.json
HANA version: 2.00.045.00.1575639312
Linux kernel version: 4.15
New host: 'wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071'
Setting HANAs host name to 'wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071' ...
Checking allowed mountpoints ...
Checking mount consistency ...
Checking content structure version ...
Checking version compatibility ...
Start type: initial
Entering pre start phase ...
Downloading password file from file:///hana/hxeconfig/masterPassword.json (parameters: --max-time 30 --insecure) ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 33 100 33 0 0 3780 0 --:--:-- --:--:-- --:--:-- 3780
Deleting local password file: /hana/hxeconfig/masterPassword.json
Creating consistency check files ...
Extracting initial content to /hana/shared/HXE/HDB90/wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071
/hana/shared/HXE/HDB90/localhost/sapprofile.ini
/hana/shared/HXE/HDB90/localhost/lock/
tar: Removing leading `/' from member names
/hana/shared/HXE/HDB90/localhost/work/
/hana/shared/HXE/HDB90/localhost/log/
/hana/shared/HXE/HDB90/localhost/log/logmon/
/hana/shared/HXE/HDB90/localhost/log/grmg/
/hana/shared/HXE/HDB90/localhost/log/sapccm4x/
/hana/shared/HXE/HDB90/localhost/log/sapccm4x/sapstartsrv_ccms.log
/hana/shared/HXE/HDB90/localhost/tmp/
/hana/shared/HXE/HDB90/localhost/tmp/RSUtil/
tar: Removing leading `/' from hard link targets
/hana/shared/HXE/HDB90/localhost/log/sapccm4x/sapstartsrv_ccms.log
Processing hooks in folder /hana/hooks/pre_start ...
Hook candidates:
/hana/hooks/pre_start/010_license_agreement
/hana/hooks/pre_start/010_license_agreement.json (ignored, not an executable regular file)
/hana/hooks/pre_start/110_clean_hdbdaemon_status
/hana/hooks/pre_start/120_clean_pid_files
/hana/hooks/pre_start/130_update_clean_wdisp
/hana/hooks/pre_start/310_init_ssfs
/hana/hooks/pre_start/320_config_cert
/hana/hooks/pre_start/330_custom_afls
Hook /hana/hooks/pre_start/010_license_agreement requires parameters: AGREE_TO_SAP_LICENSE
Executing hook /hana/hooks/pre_start/010_license_agreement ...
License agreement check succeeded (AGREE_TO_SAP_LICENSE=true)
Finished execution of hook /hana/hooks/pre_start/010_license_agreement (exit code 0)
Executing hook /hana/hooks/pre_start/110_clean_hdbdaemon_status ...
Finished execution of hook /hana/hooks/pre_start/110_clean_hdbdaemon_status (exit code 0)
Executing hook /hana/hooks/pre_start/120_clean_pid_files ...
Removing PID files in /usr/sap/HXE/HDB90/wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071/lock
Finished execution of hook /hana/hooks/pre_start/120_clean_pid_files (exit code 0)
Executing hook /hana/hooks/pre_start/130_update_clean_wdisp ...
Finished execution of hook /hana/hooks/pre_start/130_update_clean_wdisp (exit code 0)
Executing hook /hana/hooks/pre_start/310_init_ssfs ...
Creating system PKI master key ...
Record Statistics
=============================================
Encrypted and readable : 0
Encrypted and not readable : 0
Plaintext : 0
Removed by compacting : 0
Creating system PKI SSFS ...
Generating system PKI CA ...
Creating openssl.cnf file for CA ...
Creating self signed certificate for CA ...
Generating a 4096 bit RSA private key
.........................................................................++
...............++
writing new private key to '/tmp/tmp.yiqCwmm1tF/key.pem'
-----
Exporting PEM to P12 ...
Importing P12 into PSE ...
Found key 'INDEX=0,SIG=YES,ENC=NO,MD5-FINGERPRINT=C2F2 24C1 1E02 1FB9 0244 2A65 9F4B 37FC,KEYID=F19CA098CAA2BFD94D86CA85F102DDDF98DF5001'
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
PSE "/tmp/tmp.yiqCwmm1tF/ca.pse" was written
Generating system PKI CA done
Adding system PKI CA to system PKI SSFS ...
Creating pin for sap_system_pki_instance.pse
Storing pin for sap_system_pki_instance.pse in secure file store
Generating sap_system_pki_instance.pse ...
Creating openssl.cnf file for server certificate ...
Creating server certificate ...
Generating a 4096 bit RSA private key
......................................................................................................++
..................................................++
writing new private key to '/tmp/tmp.yiqCwmm1tF/key2.pem'
-----
Signing server certificate ...
Building complete chain ...
Exporting PEM to P12 ...
Importing P12 into PSE ...
Found key 'INDEX=0,SIG=YES,ENC=YES,MD5-FINGERPRINT=B462 21AD F688 ECFB FDB7 D53B 62AC 85B9,KEYID=26332E3D38D4D6F2D77737261234B84755F18A65'
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
PSE "/usr/sap/HXE/HDB90/wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071/sec/sap_system_pki_instance.pse" was written
Generating sap_system_pki_instance.pse done
Delete tmp files ...
Creating instance SSFS master key ...
Record Statistics
=============================================
Encrypted and readable : 0
Encrypted and not readable : 0
Plaintext : 0
Removed by compacting : 0
Creating instance SSFS ...
nameserver wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071:39001 not responding.
done.
Finished execution of hook /hana/hooks/pre_start/310_init_ssfs (exit code 0)
Executing hook /hana/hooks/pre_start/320_config_cert ...
Checking for sapsrv.pse ...
Checking for SAPSSLA.pse ...
Checking for SAPSSLC.pse ...
Checking for SAPSSLS.pse ...
Checking for sap_system_pki_instance.pse ...
Checking for sapsrv_tenant.pse ...
generating certificate sapsrv.pse...
creating openssl.cnf file
creating self signed certificate with openssl
Generating a 4096 bit RSA private key
.............................................................................................................++
.......................................................................................................................................................................................................................................................++
writing new private key to '/usr/sap/HXE/home/key.pem'
-----
export PEM to P12 with openssl
import P12 into PSE
Found key 'INDEX=0,SIG=NO,ENC=YES,MD5-FINGERPRINT=4B74 D3D2 CBF8 9F9B 39B2 F176 4616 7F94,KEYID=01144F0A7D89901B07B485FFF6B6BC93D2C77C2B'
!!! WARNING: For security reasons it is recommended to use a PIN/passphrase
!!! WARNING: which is at least 8 characters long and contains characters in
!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.
PSE "/usr/sap/HXE/HDB90/wk-caas-d76e81c5b30c45819f2859b805b3c834-274a32eb2d834a410f4071/sec/sapsrv.pse" was written
delete tmp files
generating certificate sapsrv.pse done
Finished execution of hook /hana/hooks/pre_start/320_config_cert (exit code 0)
Executing hook /hana/hooks/pre_start/330_custom_afls ...
No custom AFLs found
Finished execution of hook /hana/hooks/pre_start/330_custom_afls (exit code 0)
Finished execution of hooks in folder /hana/hooks/pre_start
Initializing persistence for first start of HANA (system db) ...
SAP HANA Lifecycle Management - HdbContainer 2.4.86
***************************************************
Start reading from input channel...
... Done.
Initializing persistence...
Installing initial topology
It worked like a charm now!! Password String was the culprit here. Super! Thanks again!!
