New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Agent token invalid #4551
Comments
It's indeed related to the templates. |
Thanks for sharing thorough debug logs! However, I haven't been able to reproduce this, I tried with a template with 4 containers in the pod and it succeeded every time after 12 starts. As a baseline, would you be able to try this template and see if the problem still continues? |
I had 1 init container + 4 containers for testing. |
This is the template I'm using: |
Hmm... that's super odd. I was somewhat able to reproduce this, but instead of the agent stuck on Here's my modified kube-pods.tf. I'm glad you got things working, but we can definitely investigate because it seems like this config should work. |
It seems that I experience somehow the same issue but using vms (on exoscale) and ...
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
echo "CODER_AGENT_TOKEN=${coder_agent.dev.token}" >> /etc/environment
sudo -E -u ubuntu /bin/bash -c '${coder_agent.dev.init_script}'
--//-- Injected token is the same if one looks into |
Found my issue. resource "coder_agent_instance" "dev" {
agent_id = coder_agent.dev.id
instance_id = exoscale_compute_instance.instance.id
}
So by just removing the block the correct token is used. |
I can observe the same issue in two cases:
resource "coder_app" "startup-logs" {
agent_id = coder_agent.main.id
icon = "/icon/widgets.svg"
slug = "startup-logs"
display_name = "Startup log"
command = "less +F /tmp/coder-startup-script.log"
} Coder: Providers: |
A workaround, albeit hacky is to manually report status. For example from CODER_AGENT_HEADER="cookie: coder_session_token=${CODER_AGENT_TOKEN}"
METADATA_ENDPOINT="${CODER_AGENT_URL}/api/v2/workspaceagents/me/metadata"
HEALTH_ENDPOINT="${CODER_AGENT_URL}/api/v2/workspaceagents/me/app-health"
curl \
--silent \
--fail \
-X GET \
-H "${CODER_AGENT_HEADER}" \
"${METADATA_ENDPOINT}" \
| jq -c \
'[.apps[] | select( .health != "disabled")] | reduce .[] as $i ({}; .[$i.id] = "healthy") | {"Healths": .}' \
| curl \
--silent \
--fail \
-X POST \
-H "${CODER_AGENT_HEADER}" \
-d @- \
"${HEALTH_ENDPOINT}" |
Hmm, does this happen after provisioning completes? This is natural to happen during the provision job, because the resources haven't been created yet. |
@r2r-dev can you post your template? I've been unable to reproduce. |
I'm not sure why this issue is common, but it seems to be based on: #4551. This improves the error messages to be unique, and also fixes a small edge-case bug a user ran into.
I'm not sure why this issue is common, but it seems to be based on: #4551. This improves the error messages to be unique, and also fixes a small edge-case bug a user ran into.
@r2r-dev I found the issue you're having! It'll be fixed in a release coming out in a few hours :) |
v0.9.10
Coder started showing these errors out of the blue.
Token seems to be correct but coderd won't accept it.
The token is indeed missing in the database. (workspace_agents table)
Sometimes it ends up working:
This seems related to the coder terraform provider.
Deleting these workspaces after they fail to start sometimes leave all created resources untouched, forcing me to delete them manually.
This generates no logs on the coder side.
Tried downgrading to 0.9.9, no changes.
Debug log of agent resource creation:
The text was updated successfully, but these errors were encountered: