tls:certificates consumer:certificates tls-certificates regular
tls:certificates kafka:certificates tls-certificates regular
tls:certificates producer:certificates tls-certificates regular
tls:certificates zookeeper:certificates tls-certificates regular
tls:replicas tls:replicas tls-certificates-replica peer
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-tls-1/charm/./src/charm.py", line 514, in <module>
main(TLSCertificatesOperatorCharm)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/main.py", line 431, in main
_emit_charm_event(charm, dispatcher.event_name)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/main.py", line 142, in _emit_charm_event
event_to_emit.emit(*args, **kwargs)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/framework.py", line 316, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/framework.py", line 784, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/framework.py", line 857, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-tls-1/charm/lib/charms/tls_certificates_interface/v1/tls_certificates.py", line 1039, in _on_relation_changed
provider_relation_data = _load_relation_data(event.relation.data[self.charm.app])
File "/var/lib/juju/agents/unit-tls-1/charm/lib/charms/tls_certificates_interface/v1/tls_certificates.py", line 565, in _load_relation_data
for key in raw_relation_data:
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/model.py", line 545, in __iter__
return iter(self._data)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/model.py", line 532, in _data
data = self._lazy_data = self._load()
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/model.py", line 920, in _load
return self._backend.relation_get(self.relation.id, self._entity.name, self._is_app)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/model.py", line 2131, in relation_get
raw_data_content = self._run(*args, return_output=True, use_json=True)
File "/var/lib/juju/agents/unit-tls-1/charm/venv/ops/model.py", line 2052, in _run
raise ModelError(e.stderr)
ops.model.ModelError: b'ERROR permission denied\n'
Also, not sure if it's helpful, but I'm getting the following error from the related units (the requirer-side code that raises it is shown first, followed by the unit logs):
def _request_certificate(self):
    """Build a CSR for this unit and hand it to the certificates provider.

    The CSR is created from the unit's private key, the ``private-address``
    entry of this unit's peer-relation databag, and the keyword arguments
    held in ``self._sans``. Its decoded, stripped text is stored as the
    unit-scoped secret ``csr`` before the request is submitted.
    """
    key_bytes = self.private_key.encode("utf-8")
    unit_databag = self.peer_relation.data[self.charm.unit]
    # NOTE(review): a missing "private-address" yields an empty subject
    # instead of an error -- confirm that is intended.
    subject = unit_databag.get("private-address", "")
    csr = generate_csr(private_key=key_bytes, subject=subject, **self._sans)

    # Reporter's annotation: this stored value is what `self.csr` returns.
    # The secret holds the stripped text form; the provider receives the
    # undecoded `csr` object.
    stored_csr = csr.decode("utf-8").strip()
    self.charm.set_secret(scope="unit", key="csr", value=stored_csr)
    self.certificates.request_certificate_creation(certificate_signing_request=csr)
def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
    """React to `certificates_available`, fired after the provider updates signed certs.

    Only the guard that rejects a certificate issued for a CSR other than
    ``self.csr`` is visible here; presumably the handler continues past it
    in the full file.
    """
    # A certificate may only be used when it answers this unit's own CSR;
    # otherwise no TLS files are set and no restart happens.
    csr_is_foreign = event.certificate_signing_request != self.csr
    if csr_is_foreign:
        # Reporter's annotation: this branch is being hit on all units.
        # NOTE(review): the comparison is exact, so any formatting
        # difference between the stored CSR and the one carried by the
        # event also lands here -- TODO confirm both sides normalise the
        # value the same way.
        logger.error("Can't use certificate, found unknown CSR")
        return
unit-kafka-0: 20:01:28 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR
unit-kafka-0: 20:01:28 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR
unit-kafka-0: 20:01:28 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR
unit-zookeeper-2: 20:01:28 ERROR unit.zookeeper/2.juju-log certificates:7: Can't use certificate, found unknown CSR
unit-zookeeper-2: 20:01:28 ERROR unit.zookeeper/2.juju-log certificates:7: Can't use certificate, found unknown CSR
unit-zookeeper-2: 20:01:28 ERROR unit.zookeeper/2.juju-log certificates:7: Can't use certificate, found unknown CSR
unit-kafka-0: 20:01:29 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR
unit-kafka-0: 20:01:29 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR
unit-kafka-0: 20:01:29 ERROR unit.kafka/0.juju-log certificates:8: Can't use certificate, found unknown CSR