The documentation is ambiguous (I already opened a ticket for that), you should not encode your credential in base64 but let them in plain-text like the rest of the configuration.
The installer will encode in base64 the entire secret.json file.
The "insecure" setting on the CSI driver has to do with whether or not the driver will accept invalid certificates (e.g. self-signed) from the Unity array.
The driver seems to be able to reach the array fine, but the error that you are getting back is for an authorization failure. You may want to check that password to make sure it is still valid and base64 encoded properly. Perhaps try to login to the Unisphere UI or directly to the REST API to see if that works.
I've firstly verified the user/password, as per the product guide, I'm using below cmd, and I feel it could be small chance i pasted it wrong.
echo -n "user"|base64
echo -n "user"|base64
And actually, from above log messages, decode username="YWRtaW4=", it's "admin", which is correct. So, I bet the password is also correct. The problem is I dont see it's saying message about incorrect username/password, while I'm using incorrect ones I will get below:
It's the same response code. However, I'm not sure what I'm doing, but I modified the "restGateway", then recreate secret with above wrong password, and reinstalled CSI, I'm able to get response code 200 from authentication:
You are genius! It's working now, and I can continue my test.
FYI, when I was working on v1.1.0, I was able to install the CSI by specifying the username/password encoded in base64 in myvalue file. Reading a few online doc regarding the secret, it should support the base64 encode, isnt it? Looks like it's the CSI code bug.
Flo_csI
2 Intern
•
167 Posts
2
July 15th, 2020 05:00
Hi,
The documentation is ambiguous (I already opened a ticket for that), you should not encode your credential in base64 but let them in plain-text like the rest of the configuration.
The installer will encode in base64 the entire secret.json file.
Let us know if that works.
bmcfeeters
1 Rookie
•
72 Posts
0
July 14th, 2020 10:00
Hi,
The "insecure" setting on the CSI driver has to do with whether or not the driver will accept invalid certificates (e.g. self-signed) from the Unity array.
The driver seems to be able to reach the array fine, but the error that you are getting back is for an authorization failure. You may want to check that password to make sure it is still valid and base64 encoded properly. Perhaps try to login to the Unisphere UI or directly to the REST API to see if that works.
Thanks
Bryan
143033
23 Posts
0
July 14th, 2020 16:00
Hi Byran,
Thanks for your replying.
I've firstly verified the user/password, as per the product guide, I'm using below cmd, and I feel it could be small chance i pasted it wrong.
echo -n "user"|base64
echo -n "user"|base64
And actually, from above log messages, decode username="YWRtaW4=", it's "admin", which is correct. So, I bet the password is also correct. The problem is I dont see it's saying message about incorrect username/password, while I'm using incorrect ones I will get below:
[root@master helm]# cat secret.json
{
"storageArrayList": [
{
"username": "YWRtaW4=",
"password": "143033",
"restGateway": "https://10.241.167.210",
"arrayId": "APM00194717505",
"insecure": true,
"isDefaultArray": true
}
]
}
[root@master helm]# kubectl create secret generic unity-creds -n unity --from-file=config=secret.json
secret/unity-creds created
[root@master ~]# kubectl logs unity-controller-0 -c driver -n unity|grep runid=1
time="2020-07-14T23:34:32Z" level=info runid=1 msg="Executing Probe with args: {XXX_NoUnkeyedLiteral:{} XXX_unrecognized:[] XXX_sizecache:0}" func="github.com/dell/csi-unity/service.(*service).Probe()" file="dell/csi-unity/service/identity.go:15"
time="2020-07-14T23:34:32Z" level=debug runid=1 msg="Inside Controller Probe" func="github.com/dell/csi-unity/service.(*service).probe()" file="dell/csi-unity/service/service.go:636"
time="2020-07-14T23:34:32Z" level=debug runid=1 msg="Probing all arrays" func="github.com/dell/csi-unity/service.(*service).probe()" file="dell/csi-unity/service/service.go:642"
time="2020-07-14T23:34:32Z" level=debug arrayid=apm00194717505 runid=1 msg="Executing Authenticate REST client" func="github.com/dell/gounity.(*Client).Authenticate()" file="dell/gounity@v1.2.0/unityclient.go:50"
time="2020-07-14T23:34:34Z" level=debug arrayid=apm00194717505 runid=1 msg="Response code:401 for url: /api/types/loginSessionInfo" func="github.com/dell/gounity/api.(*client).DoAndGetResponseBody()" file="dell/gounity@v1.2.0/api/restclient.go:290"
time="2020-07-14T23:34:34Z" level=debug arrayid=apm00194717505 runid=1 msg="Authentication response code: 401" func="github.com/dell/gounity.(*Client).Authenticate()" file="dell/gounity@v1.2.0/unityclient.go:64"
time="2020-07-14T23:34:34Z" level=debug msg="/csi.v1.Identity/Probe: REP 0001: rpc error: code = FailedPrecondition desc = runid=1 All unity arrays are not working. Could not proceed further"
It's the same response code. However, I'm not sure what I'm doing, but I modified the "restGateway", then recreate secret with above wrong password, and reinstalled CSI, I'm able to get response code 200 from authentication:
time="2020-07-14T23:39:45Z" level=info msg="configured csi-unity.dellemc.com" ArrayId=apm00194717505 Insecure=true IsDefaultArray=true RestGateway="https://10.241.167.210/index.html" password="*******" username="YWRtaW4="
...
[root@master ~]# kubectl logs unity-controller-0 -c driver -n unity|grep runid=1
time="2020-07-14T23:39:45Z" level=info runid=1 msg="Executing Probe with args: {XXX_NoUnkeyedLiteral:{} XXX_unrecognized:[] XXX_sizecache:0}" func="github.com/dell/csi-unity/service.(*service).Probe()" file="dell/csi-unity/service/identity.go:15"
time="2020-07-14T23:39:45Z" level=debug runid=1 msg="Inside Controller Probe" func="github.com/dell/csi-unity/service.(*service).probe()" file="dell/csi-unity/service/service.go:636"
time="2020-07-14T23:39:45Z" level=debug runid=1 msg="Probing all arrays" func="github.com/dell/csi-unity/service.(*service).probe()" file="dell/csi-unity/service/service.go:642"
time="2020-07-14T23:39:45Z" level=debug arrayid=apm00194717505 runid=1 msg="Executing Authenticate REST client" func="github.com/dell/gounity.(*Client).Authenticate()" file="dell/gounity@v1.2.0/unityclient.go:50"
time="2020-07-14T23:39:46Z" level=debug arrayid=apm00194717505 runid=1 msg="Response code:200 for url: /api/types/loginSessionInfo" func="github.com/dell/gounity/api.(*client).DoAndGetResponseBody()" file="dell/gounity@v1.2.0/api/restclient.go:290"
time="2020-07-14T23:39:46Z" level=debug arrayid=apm00194717505 runid=1 msg="Authentication response code: 200" func="github.com/dell/gounity.(*Client).Authenticate()" file="dell/gounity@v1.2.0/unityclient.go:64"
time="2020-07-14T23:39:46Z" level=debug arrayid=apm00194717505 runid=1 msg="Authentication successful" func="github.com/dell/gounity.(*Client).Authenticate()" file="dell/gounity@v1.2.0/unityclient.go:74"
time="2020-07-14T23:39:46Z" level=debug arrayid=apm00194717505 runid=1 msg="Controller Probe Success" func="github.com/dell/csi-unity/service.singleArrayProbe()" file="dell/csi-unity/service/service.go:627"
time="2020-07-14T23:39:46Z" level=info runid=1 msg="Controller Probe Success" func="github.com/dell/csi-unity/service.(*service).probe()" file="dell/csi-unity/service/service.go:655"
So, from above I think the initial authentication issue was not related the username/password.
143033
23 Posts
0
July 16th, 2020 17:00
You are genius! It's working now, and I can continue my test.
FYI, when I was working on v1.1.0, I was able to install the CSI by specifying the username/password encoded in base64 in myvalue file. Reading a few online doc regarding the secret, it should support the base64 encode, isnt it? Looks like it's the CSI code bug.
Again, thanks for your great help on this.