oracle-database-operator icon indicating copy to clipboard operation
oracle-database-operator copied to clipboard
verified publisher icon oracle

Error mapping existing PDB: "ORDSError", "message": "Failed: Unauthorized"

Open DCSTOLF opened this issue 3 years ago • 0 comments

I'm trying to create CDB and PDB CRDs for an on-prem database.

The CDB creation apparently was successful, but I keep getting error 401 when I try to map the PDB (I think that Map is the right action, but I've also tried Create with similar results).

I think the controller manager is getting this error from ORDS, but I can't find what config I'm missing to cause this error.

kubectl get cdbs -n oracle-database-operator-system

NAME   CDB NAME   DB SERVER       DB PORT   SCAN NAME   REPLICAS   STATUS   MESSAGE
cdb1   cdb1       10.160.106.88   1521      cdb1        1          Ready

kubectl get pdbs -n oracle-database-operator-system

NAME   CONNECT STRING   CDB NAME   PDB NAME   PDB STATE   PDB SIZE   STATUS   MESSAGE
pdb1                    cdb1       pdb1       UNKNOWN                Failed   ORDS Error - HTTP Status Code:401

kubectl logs -n oracle-database-operator-system -l control-plane=controller-manager -f

2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - reuseTempFile : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - unlimitedStorage : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeImport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeExport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - asClone : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - getScript : false
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateCreate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	INFO	pdb-webhook	PDB Resource : pdb1 successfully validated for Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Reconcile requested	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Adding finalizer	{"managePDBDeletion": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateUpdate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found PDB: pdb1	{"checkDuplicatePDB": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validating PDB phase for: pdb1	{"validatePhase": "oracle-database-operator-system/pdb1", "Action": "MAP"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validation complete	{"validatePhase": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	PDB:	{"onpremdboperator": "oracle-database-operator-system/pdb1", "Name": "pdb1", "Phase": "Mapping", "Status": "false"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Issuing REST call	{"callAPI": "oracle-database-operator-system/pdb1", "URL": "http://cdb1-ords:8888/ords/_/db-api/latest/database/pdbs/pdb1/", "Action": "GET"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	ORDS Error - HTTP Status Code :401	{"callAPI": "oracle-database-operator-system/pdb1", "Err": "\n{\n    \"code\": \"Unauthorized\",\n    \"message\": \"Unauthorized\",\n    \"type\": \"tag:oracle.com,2020:error/Unauthorized\",\n    \"instance\": \"tag:oracle.com,2020:ecid/nVFy_LEmkC2NpInSAjA6bw\"\n}"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	Reconcile completed	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:59Z	DEBUG	events	Warning	{"object": {"kind":"PDB","namespace":"oracle-database-operator-system","name":"pdb1","uid":"a3ae6a10-f378-4b66-80d7-9b00569316a5","apiVersion":"database.oracle.com/v1alpha1","resourceVersion":"861439"}, "reason": "ORDSError", "message": "Failed: Unauthorized"}

kubectl logs -n oracle-database-operator-system -l name=cdb1-ords -f

db.username=ORDS_PUBLIC_USER
restEnabledSql.active=true
resource.templates.enabled=true
db.port=1521
feature.sdw=true
db.connectionType=basic

2022-12-13T14:28:04.620Z WARNING     *** jdbc.MaxLimit in configuration |apex|pu| is using a value of 10, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:04.620Z WARNING     *** jdbc.InitialLimit in configuration |apex|pu| is using a value of 3, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:05.604Z WARNING     :::got unchecked exception from user-defined connection labeling callback

cdb-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: cdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  ords_pwd: " T3JhY2xlXzEyMyEK"
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"
  cdbadmin_user: "QyMjREJBUElfQ0RCX0FETUlOCg=="
  cdbadmin_pwd: " T3JhY2xlXzEyMyEK"
  webserver_user: "c3FsX2FkbWluCg=="
  webserver_pwd: " T3JhY2xlXzEyMyEK"

pdb-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: pdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  sysadmin_user: "cGRiYWRtaW4="
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"

cdb.yaml

apiVersion: database.oracle.com/v1alpha1
kind: CDB
metadata:
  name: cdb1
  namespace: oracle-database-operator-system
spec:
  cdbName: "cdb1"
  scanName: "cdb1"
  dbServer: "10.160.106.88"
  dbPort: 1521
  replicas: 1
  ordsImage: "533693045312.dkr.ecr.us-west-2.amazonaws.com/oracle-database:21.4.3-ords"
  ordsImagePullPolicy: "Always"
  # Uncomment Below Secret Format for accessing ords image from private docker registry
  ordsImagePullSecret: "aws-ecr-cred"
  serviceName: "cdb1"
  sysAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "sysadmin_pwd"
  ordsPwd:
    secret:
      secretName: "cdb1-secret"
      key: "ords_pwd"
  cdbAdminUser:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_user"
  cdbAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_pwd"
  webServerUser:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_user"
  webServerPwd:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_pwd"

pdb.yaml

apiVersion: database.oracle.com/v1alpha1
kind: PDB
metadata:
  name: pdb1
  namespace: oracle-database-operator-system
  labels:
    cdb: cdb1
spec:
  cdbResName: "cdb1"
  cdbName: "cdb1"
  pdbName: "pdb1"
  adminName:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_user"
  adminPwd:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_pwd"
  fileNameConversions: "NONE"
  totalSize: "1G"
  tempSize: "100M"
  action: "Map"

DCSTOLF avatar Dec 13 '22 15:12 DCSTOLF