You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've deployed the Rekor Helm chart which also spins up the trillian-system chart.
The trillian-logserver, trillian-logsigner, and trillian-mysql pods come up and stay running, but the rekor-trillian-createdb job continually fails. Since it's a job, it keeps trying every few minutes. Here's a look into the goroutine panic that I'm getting:
$ kubectl logs rekor-trillian-createdb-5mhbc
2024/12/23 19:43:57 failed to ping db: Error 1045: Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
panic: failed to ping db: Error 1045: Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
goroutine 1 [running]:
log.Panicf({0xb8602c?, 0xca28f0?}, {0xc0000b7d38?, 0x32?, 0x2?})
log/log.go:395 +0x67
main.main()
github.com/sigstore/scaffolding/cmd/trillian/createdb/main.go:238 +0x3b2
I restarted the trillian-mysql server pod to get some fresh logs, here's a look at that as well. In the logs below, the 10.42.0.222 IP address is the rekor-trillian-createdb pod:
$ kubectl logs trillian-mysql-776fc545d9-46gqj
2024-12-23T19:42:51.125238Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2024-12-23T19:42:51.127052Z 0 [Note] mysqld (mysqld 5.7.38) starting as process 1 ...
2024-12-23T19:42:51.130118Z 0 [Note] InnoDB: PUNCH HOLE support available
2024-12-23T19:42:51.130133Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2024-12-23T19:42:51.130139Z 0 [Note] InnoDB: Uses event mutexes
2024-12-23T19:42:51.130144Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2024-12-23T19:42:51.130149Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2024-12-23T19:42:51.130153Z 0 [Note] InnoDB: Using Linux native AIO
2024-12-23T19:42:51.130725Z 0 [Note] InnoDB: Number of pools: 1
2024-12-23T19:42:51.130822Z 0 [Note] InnoDB: Using CPU crc32 instructions
2024-12-23T19:42:51.133206Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2024-12-23T19:42:51.141631Z 0 [Note] InnoDB: Completed initialization of buffer pool
2024-12-23T19:42:51.144291Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2024-12-23T19:42:51.154314Z 0 [ERROR] InnoDB: Unable to lock ./ibdata1 error: 11
2024-12-23T19:42:51.154334Z 0 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files.
2024-12-23T19:42:51.154340Z 0 [Note] InnoDB: Retrying to lock the first data file
2024-12-23T19:42:52.154441Z 0 [ERROR] InnoDB: Unable to lock ./ibdata1 error: 11
2024-12-23T19:42:52.154463Z 0 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files.
2024-12-23T19:42:53.165679Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2024-12-23T19:42:53.189696Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2024-12-23T19:42:53.189715Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2024-12-23T19:42:53.189812Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2024-12-23T19:42:53.237178Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2024-12-23T19:42:53.237945Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2024-12-23T19:42:53.237958Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2024-12-23T19:42:53.238912Z 0 [Note] InnoDB: 5.7.38 started; log sequence number 12575253
2024-12-23T19:42:53.239402Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2024-12-23T19:42:53.239610Z 0 [Note] Plugin 'FEDERATED' is disabled.
2024-12-23T19:42:53.258446Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
2024-12-23T19:42:53.258666Z 0 [Note] Skipping generation of SSL certificates as certificate files are present in data directory.
2024-12-23T19:42:53.258673Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2024-12-23T19:42:53.258678Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2024-12-23T19:42:53.259352Z 0 [Warning] CA certificate ca.pem is self signed.
2024-12-23T19:42:53.259390Z 0 [Note] Skipping generation of RSA key pair as key files are present in data directory.
2024-12-23T19:42:53.260615Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2024-12-23T19:42:53.260669Z 0 [Note] IPv6 is available.
2024-12-23T19:42:53.260684Z 0 [Note] - '::' resolves to '::';
2024-12-23T19:42:53.260710Z 0 [Note] Server socket created on IP: '::'.
2024-12-23T19:42:53.261395Z 0 [Warning] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2024-12-23T19:42:53.262744Z 0 [Note] InnoDB: Buffer pool(s) load completed at 241223 19:42:53
2024-12-23T19:42:53.295771Z 0 [Note] Event Scheduler: Loaded 0 events
2024-12-23T19:42:53.296197Z 0 [Note] mysqld: ready for connections.
Version: '5.7.38' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
2024-12-23T19:43:47.970157Z 4 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
2024-12-23T19:43:49.973826Z 5 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
2024-12-23T19:43:51.976939Z 6 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
2024-12-23T19:43:53.981175Z 7 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
2024-12-23T19:43:55.984607Z 8 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
2024-12-23T19:43:57.987249Z 9 [Note] Access denied for user 'mysql'@'10.42.0.222' (using password: YES)
Version
I'm deploying onto Red Hat Microshift, so some of the security best practices of using non-root users are more along the lines of OpenShift than vanilla Kubernetes
Rekor helm chart is version 1.3.7
I'm using a pretty vanilla values.yaml file:
server:
ingress:
enabled: false
The text was updated successfully, but these errors were encountered:
Description
I've deployed the Rekor Helm chart which also spins up the trillian-system chart.
The trillian-logserver, trillian-logsigner, and trillian-mysql pods come up and stay running, but the rekor-trillian-createdb job continually fails. Since it's a job, it keeps trying every few minutes. Here's a look into the goroutine panic that I'm getting:
I restarted the trillian-mysql server pod to get some fresh logs, here's a look at that as well. In the logs below, the 10.42.0.222 IP address is the rekor-trillian-createdb pod:
Version
I'm deploying onto Red Hat Microshift, so some of the security best practices of using non-root users are more along the lines of OpenShift than vanilla Kubernetes
Rekor helm chart is version 1.3.7
I'm using a pretty vanilla values.yaml file:
The text was updated successfully, but these errors were encountered: