After resolving the original issue (Authenticator pod failing to authenticate) where the seed config wasn’t being downloaded within the OpenShift pods from the Conjur master node, I have now manually generated the seed file and tried to configure the follower pods.
Unfortunately I am not able to perform the manual follower configuration by generating the seed file, copying it to the conjur-appliance pods and running the unpack and configure follower commands.
evoke seed follower $ConjurFollowerAddress > follower-seed.tar
Archive::Tar::PosixHeader has been renamed to Archive::Tar::Minitar::PosixHeader
$ oc cp follower-seed.tar conjur-follower-78967f5f7-qj7fv:/opt/follower-seed.tar
$ oc exec conjur-follower-78967f5f7-qj7fv evoke unpack seed /opt/follower-seed.tar
tar: Removing leading `/' from member names
Seed file was successfully unpacked.
Run ‘evoke configure follower’ to configure this machine.
$ oc exec conjur-follower-78967f5f7-qj7fv evoke configure follower
Thinking it could be a network-related issue, I have checked from the pods whether I can reach the master’s required ports:
netcat -v $ConjurMasterAddress 443
Connection to $ConjurMasterAddress 443 port [tcp/https] succeeded!
netcat -v $ConjurMasterAddress 5432
Connection to $ConjurMasterAddress 5432 port [tcp/postgresql] succeeded!
netcat -v conjurmaster.dtt-iam.xyz 1999
Connection to $ConjurMasterAddress 1999 port [tcp/*] succeeded!
I have intentionally blocked the 5432 port in a security group rule, for example, and the configure follower command at least timed out, but now the command just hangs for hours with no response.
Is there any debug/trace log I can enable or check? The pod/journal logs alone don’t show anything useful so far.
Thanks in advance.