Fix nexus bootstrapping key server error #2811

Closed
wants to merge 7 commits into from

jjgriff93
Collaborator

Resolves #2785

What is being addressed

Due to the introduction of template pipelines and changing the firewall rule addition/removal step to occur outside the main bundle's Terraform, a race condition was introduced where the Nexus bundle was being deployed and then the firewall rules (that it relied on to connect to the Ubuntu key server, packages.microsoft.com and docker.com) were being applied afterwards in the pipeline. As the Nexus cloud-init bootstrapping starts up, this firewall step wasn't always completed in time for it to work, causing regular failures.

How is this addressed

I tried swapping the order so that the firewall pipeline step happens first; however, it depends on outputs from the main bundle Terraform. After experimenting with a few workarounds, the cleanest solution seems to be whitelisting the key server, Microsoft packages and Docker FQDNs in the main shared-subnet FQDN exceptions as part of the firewall bundle, as these will be whitelisted anyway as per the Nexus bundle and are core trusted repositories already whitelisted by the resource processor.

@github-actions

github-actions bot commented Nov 2, 2022

Unit Test Results

0 tests   0 ✔️  0s ⏱️
0 suites  0 💤
0 files    0

Results for commit 2cfff63.

♻️ This comment has been updated with latest results.

@jjgriff93
Collaborator Author

/test

@github-actions

github-actions bot commented Nov 2, 2022

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/3377931442 (with refid d32dd48a)

(in response to this comment from @jjgriff93)

@damoodamoo
Member

I think this looks great and is a really low-impact way of solving the problem - but @marrobi should probably be the one to hit the approve button

@jjgriff93 jjgriff93 requested a review from marrobi November 2, 2022 16:39
@jjgriff93 jjgriff93 enabled auto-merge (squash) November 3, 2022 15:14
@jjgriff93
Collaborator Author

/test

@github-actions

github-actions bot commented Nov 3, 2022

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/3386906730 (with refid d32dd48a)

(in response to this comment from @jjgriff93)

Member

@marrobi marrobi left a comment

LGTM - can you add an issue referencing this as a case for needing to be able to handle pre steps prior to terraform having run. So using inputs, rather than outputs?

@jjgriff93
Collaborator Author

Looks like I need to close this and open a new one due to a transient error and now conflicts in the test environment ><

@jjgriff93
Collaborator Author

/test-destroy-env

@github-actions

github-actions bot commented Nov 3, 2022

Destroying branch test environment (RG: rg-tre0b9cc865)... (run: https://github.com/microsoft/AzureTRE/actions/runs/3387796079)

@github-actions

github-actions bot commented Nov 3, 2022

Branch test environment destroy complete (RG: rg-tre0b9cc865)

@github-actions

github-actions bot commented Nov 3, 2022

Destroying PR test environment (RG: rg-tred32dd48a)... (run: https://github.com/microsoft/AzureTRE/actions/runs/3387796079)

@jjgriff93 jjgriff93 closed this Nov 3, 2022
auto-merge was automatically disabled November 3, 2022 17:29

Pull request was closed

@github-actions

github-actions bot commented Nov 3, 2022

PR test environment destroy complete (RG: rg-tred32dd48a)

Successfully merging this pull request may close these issues.

Nexus fails to deploy with cloud-init failure (Failed to import key from key server)
4 participants