-
Notifications
You must be signed in to change notification settings - Fork 7
"Controller - Installing" failing with "msg": "Unexpected templating type error occurred on during #17
Comments
Can you please provide the following? To reproduce
Your environment:
|
Unfortunately Ansible repeats the entire command without vars. So we don't know which var is missing and matches the error: |
thank you Brian, went through the variables defined and found the nginx_controller_db_password was missing so added one directly to test and it's gotten past that error. I have now though stumbled onto another error, which I'm working through to figure out why it does not like key provided. "ERROR: Parameter --apigw-key is invalid: File /etc/ssl/private/star_azure_defra_cloud.key does not exist or is not readable by current user." Have defined below in the variables.
Have checked key is there and permissions all look good but error persists. Is the current user root when installing? |
Not all variables are required. For example; the db password and user are tied to using an external PostgreSQL database server. Not required. You can use the internal-db flag to have the system support its own. using local file storage if not production, and using a remote NFS backed volume if production. the api gateway cert and key are specific to using your own cert and key for the interface of Controller - both GUI and API. |
The user is not root when installing. And installing as root is not supported by default. |
thanks again brian, apologies in advance if below question is not clear, new to ansible and so learning how it works as part of this install so excuse any nonsensical questions. I've managed to sort out the certificate errors by creating certificates in locations specified and sorted out permissions, though then had error as docker was not already installed, have add docker role to playbook but it's not failing connecting to db. I've tested the admin user and password on the managed Azure PostgreSQL with pgAdmin and have specified same user@servername and password. However running the install it's failing with below error.
Using below versions btw. ansible [core 2.11.4] |
the key is this line: This is the Controller server component attempting to use the provided credentials to connect to the remote PostgreSQL endpoint. |
hi Brian, thanks for all your help thus far we resolved the issue with connect to PostgreSQL by adding rule on the NSG where the controller resides to allow outbound connection to SQL over port 5432, however we then had issues trying to use SSL connecting to db not sure if this is in fact possible with a managed instance of postgreSQL that Azure provide. I noted in the vars file the description below suggest certificate needs to be installed on both controller and db server but as we are using a managed postgreSQL instance we cannot install certificate on db server.
So we set - nginx_controller_db_enable_ssl: false This got us past this error;
However now it's failing much further into the install with below error, is this result of not using ssl connectivity which I thought was optional.
Any help understanding above would be greatly appreciated. |
I don't know about managed PostgreSQL, but if you install it yourself - you have to set the listener on the PostgreSQL side to accept connections, and the machines to accept connections from. Also the user account used has some expectations. The automation still has to meet all of these expectations: https://docs.nginx.com/nginx-controller/admin-guides/install/install-nginx-controller/ |
Ok thanks for your input there, be good to understand if using a managed PostgreSQL instance is supported solution. If we could see what command is being passed that throws up the below and understand why it's asking for SSL connection when turned off earlier might help us understand the issue.
I'm also speaking to someone from F5 based in UK to align time zones, he's looking to try replicate the error. |
Hello again, just to update managed to get past above error by disabling SSL on the managed PostgreSQL instance. So seems setting it to nginx_controller_db_enable_ssl: false it will try use SSL connection when it finds it's enabled on the PostgreSQL server itself. Also looking at the MS doc it mentions downloading and using MS certificate to PostgreSQL instance. I'm wondering if we can change the below vars provided to the role nginx_controller_install to point to the certificate MS are suggest is needed to connect to PostgreSQL instance.
To something like this;
Would that work do you think from role perspective? |
Hi @brianehlert so think we have confirmed SSL is not possible with PaaS instance as no way use client certificate. We have therefore decided to go bundled_db option so can close this particular issue as seems PaaS won't work with play books. |
Hi,
I'm getting error during the "Controller - Installing" step with below error! playbook that calls role is triggered from ADO pipeline.
2021-09-14T15:44:10.8653790Z fatal: [SECNGXCTLSR1003]: FAILED! => {"msg": "Unexpected templating type error occurred on (timeout --foreground 10m ./install.sh --accept-license --tsdb-volume-type '{{ nginx_controller_tsdb_volume_type }}' --smtp-host '{{ nginx_controller_smtp_host }}' --smtp-port '{{ nginx_controller_smtp_port | default(25) }}' --smtp-authentication '{{ nginx_controller_smtp_authentication }}' --smtp-use-tls '{{ nginx_controller_smtp_use_tls }}' --noreply-address '{{ nginx_controller_noreply_address }}' --fqdn '{{ nginx_controller_fqdn }}' --organization-name '{{ nginx_controller_organization_name }}' --admin-firstname '{{ nginx_controller_admin_firstname }}' --admin-lastname '{{ nginx_controller_admin_lastname }}' --admin-email '{{ nginx_controller_admin_email }}' --admin-password '{{ nginx_controller_admin_password }}' {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-path '\" + nginx_controller_tsdb_nfs_path + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-host '\" + nginx_controller_tsdb_nfs_host + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"aws\") | ternary(\"--tsdb-aws-volume-id '\" + nginx_controller_tsdb_aws_volume_id + \"'\",'') }} {{ (nginx_controller_configdb_volume_type != \"\" ) | ternary(\"--configdb-volume-type '\" + nginx_controller_configdb_volume_type + \"'\", '') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-path '\" + nginx_controller_configdb_nfs_path + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-host '\" + nginx_controller_configdb_nfs_host + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"aws\") | ternary(\"--configdb-aws-volume-id '\" + nginx_controller_configdb_aws_volume_id + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-cert '\" + nginx_controller_apigw_cert + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-key '\" + nginx_controller_apigw_key + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-user '\" + nginx_controller_smtp_user + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-password '\" + nginx_controller_smtp_password + \"'\",'') }} {{ (nginx_controller_self_signed_cert | bool) | ternary('--self-signed-cert','') }} {{ (nginx_controller_overwrite_existing_configs | bool) | ternary('--overwrite-existing-configs','') }} {{ (nginx_controller_auto_install_docker | bool) | ternary('--auto-install-docker','') }} {{ ((nginx_controller_bundled_db | bool) and ( nginx_controller_version is version('3.8', operator='ge', strict=True ))) | ternary(\"--use-bundled-db\",\"--database-host '\" + nginx_controller_db_host + \"' --database-port '\" + nginx_controller_db_port + \"' --database-user '\" + nginx_controller_db_user + \"' --database-password '\" + nginx_controller_db_password + \"'\" ) }} {{ ((nginx_controller_db_enable_ssl | bool) and ( not nginx_controller_bundled_db )) | ternary('--db-enable-ssl true','') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_cert | length > 0)) | ternary(\"--db-client-cert '\" + nginx_controller_db_client_cert + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_key | length > 0)) | ternary(\"--db-client-key '\" + nginx_controller_db_client_key + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_ca | length > 0)) | ternary(\"--db-ca '\" + nginx_controller_db_ca + \"'\",'') }} {{ ((nginx_controller_version is version('3.5', operator='ge', strict=True) ) ) | ternary('--non-interactive','') }}\n): must be str, not NoneType"}
I can't tell from error above if it's complaining about the last line or one of the other variables.
Any suggestions would be greatly appreciated.
Thanks,
The text was updated successfully, but these errors were encountered: