Health check fails on Openshift

Secrets Management - Conjur, Secrets Hub & CP Guides and HowTo's
1

Hi,
we completed our installation on Openshift but followers are not behiving correctly.
Pods are up and running but the service is unreachable and Health Check fails.
In init container log we have this warning:
WARN: Seed URL not found - assuming seedfile exists on the follower!
Events show theis message:

Generated from kubelet on compute-0.mi-cluster.openshift-aditinet.local359 times in the last hour

Readiness probe failed: Get https://10.128.2.212:443/health: dial tcp 10.128.2.212:443: connect: connection refused

This is the log for conjure-appliance container:

Starting follower services…
Joined session keyring: 743100474
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh…
*** Running /etc/my_init.d/01-clear-run.sh…
*** Running /etc/my_init.d/10_local_hosts.rb…
*** Running /etc/my_init.d/10_syslog-ng.init…
syslog-ng: Error setting capabilities, capability management disabled; error=‘Operation not permitted’
[2020-08-07T05:12:03.624292] WARNING: With use-dns(no), dns-cache() will be forced to ‘no’ too!;
[2020-08-07T05:12:03.812791] Error establishing SQL connection; type=‘pgsql’, host=’’, port=‘5433’, username=‘syslog-ng’, database=‘audit’, error=‘could not connect to server: No such file or directory\x0a Is the server running locally and accepting\x0a connections on Unix domain socket “/var/run/postgresql/.s.PGSQL.5433”?\x0a’
<45>1 2020-08-07T05:12:03.624+00:00 conjur-follower-6464c45c7f-fh99q syslog-ng 26 - [meta sequenceId=“1”] syslog-ng starting up; version=‘3.21.1’
*** Running /etc/my_init.d/dhgen.sh…
*** Booting runit daemon…
*** Runit started as PID 44

  • exec conjur-plugin-logger etcd
    <78>1 2020-08-07T05:12:04.000+00:00 conjur-follower-6464c45c7f-fh99q cron 69 - [meta sequenceId=“2”] (CRON) INFO (pidfile fd = 3)
    <78>1 2020-08-07T05:12:04.000+00:00 conjur-follower-6464c45c7f-fh99q cron 69 - [meta sequenceId=“3”] (CRON) INFO (Running @reboot jobs)
    2020-08-07 05:12:09.735 UTC [179] LOG: database system was shut down at 2020-08-07 05:12:09 UTC
    2020-08-07 05:12:09.736 UTC [179] LOG: MultiXact member wraparound protections are now enabled
    2020-08-07 05:12:09.739 UTC [183] LOG: autovacuum launcher started
    2020-08-07 05:12:09.739 UTC [80] LOG: database system is ready to accept connections
    <134>1 2020-08-07T05:12:04.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-info - - [meta sequenceId=“4”] [2020-08-07 05:12:12] INFO WEBrick 1.4.2
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-info - - [meta sequenceId=“5”] [2020-08-07 05:12:12] INFO ruby 2.5.7 (2019-10-01) [x86_64-linux-gnu]
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-info - - [meta sequenceId=“6”] [2020-08-07 05:12:12] INFO WEBrick::HTTPServer#start: pid=66 port=5611
    <134>1 2020-08-07T05:12:04.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-seed - - [meta sequenceId=“7”] [2020-08-07 05:12:12] INFO WEBrick 1.4.2
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-seed - - [meta sequenceId=“8”] [2020-08-07 05:12:12] INFO ruby 2.5.7 (2019-10-01) [x86_64-linux-gnu]
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-seed - - [meta sequenceId=“9”] [2020-08-07 05:12:12] INFO WEBrick::HTTPServer#start: pid=60 port=5612
    <134>1 2020-08-07T05:12:04.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-health - - [meta sequenceId=“10”] [2020-08-07 05:12:12] INFO WEBrick 1.4.2
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-health - - [meta sequenceId=“11”] [2020-08-07 05:12:12] INFO ruby 2.5.7 (2019-10-01) [x86_64-linux-gnu]
    <134>1 2020-08-07T05:12:12.000+00:00 conjur-follower-6464c45c7f-fh99q evoke-health - - [meta sequenceId=“12”] [2020-08-07 05:12:12] INFO WEBrick::HTTPServer#start: pid=64 port=5610

System error
<82>1 2020-08-07T05:15:01.000+00:00 conjur-follower-6464c45c7f-fh99q CRON 188 - [meta sequenceId=“1”] PAM audit_log_acct_message() failed: Operation not permitted
<75>1 2020-08-07T05:15:01.000+00:00 conjur-follower-6464c45c7f-fh99q CRON 188 - [meta sequenceId=“2”] System error

System error
<82>1 2020-08-07T05:17:01.000+00:00 conjur-follower-6464c45c7f-fh99q CRON 192 - [meta sequenceId=“1”] PAM audit_log_acct_message() failed: Operation not permitted
<75>1 2020-08-07T05:17:01.000+00:00 conjur-follower-6464c45c7f-fh99q CRON 192 - [meta sequenceId=“2”] System error

Any suggestion on how to solve the issue ?

2

@pferraglia to better understand how to help, I’d strongly suggest opening a Salesforce case for this issue. The support engineers will be able to work with you to determine what the issue is with your specific configuration.