调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM #330

maclarencn · 2024-05-29T07:29:38Z

Issue Type

Running

Search for existing issues similar to yours

Yes

OS Platform and Distribution

BC linux 8.2

Kuscia Version

0.8.0b0

Deployment

docker

deployment Version

Docker version 24.0.2, build cb74dfc

App Running type

secretflow

App Running version

latest

Configuration file used to run kuscia.

kuscia.yaml在哪里配置？

What happend and What you expected to happen.

# export CTR_CERTS_ROOT=/etc
# curl -k -X POST 'https://172.32.173.1:11080/api/v1/job/query' \
 --header "Token: $(cat ${CTR_CERTS_ROOT}/token)" \
 --header 'Content-Type: application/json' \
 --cert ${CTR_CERTS_ROOT}/kusciaapi-server.crt \
 --key ${CTR_CERTS_ROOT}/kusciaapi-server.key \
 --cacert ${CTR_CERTS_ROOT}/ca.crt \
 -d '{
  "job_id": "job-alice-bob-001"
}'> > > > > > > >
curl: (58) unable to set private key file: '/etc/kusciaapi-server.key' type PEM
究竟该如何操作能够解决此问题？

Kuscia log output.

2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (19.332µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-global] (6.168µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (4.115µs)
2024-05-29 15:24:15.402 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-coredns-controller], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (2.575µs)
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-global/379914
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[service-poll-queue], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (20.106µs)
2024-05-29 15:24:17.672 INFO controller/domain_route.go:356 Update DomainRoute alice/bob-alice revision:429260
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-global] (10.411µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[service-poll-queue], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (17.683µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-poll-queue], key[bob-alice:bob] (16.04µs)
2024-05-29 15:24:17.672 INFO controller/domain_route.go:431 add cluster alice-to-bob name:http protocol:HTTP port:11080
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-fed/379916
2024-05-29 15:24:17.672 INFO controller/endpoints.go:189 Updating endpoint alice/secretflow-task-20240528093347-single-psi-0-spu/379919
2024-05-29 15:24:17.672 INFO xds/cluster_config.go:131 Generate tls config for alice-to-bob-http
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-spu] (5.064µs)
2024-05-29 15:24:17.672 INFO queue/queue.go:124 Finish processing item: queue id[endpoints-queue], key[alice/secretflow-task-20240528093347-single-psi-0-fed] (11.56µs)
2024-05-29 15:24:17.672 INFO xds/xds.go:439 Add cluster:alice-to-bob-http
2024-05-29 15:24:17.672 INFO controller/domain_route.go:356 Update DomainRoute alice/alice-bob revision:428890
2024-05-29 15:24:17.676 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-queue], key[alice/bob-alice] (4.496518ms)
2024-05-29 15:24:17.677 INFO xds/xds.go:439 Add cluster:alice-to-bob-http
2024-05-29 15:24:17.678 INFO queue/queue.go:124 Finish processing item: queue id[domain-route-queue], key[alice/alice-bob] (5.858129ms)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525182731-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240528093347] (61.67µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525182731] (30.931µs)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240528093347-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240525182731] (14.925µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525184504] (35.981µs)
2024-05-29 15:24:17.956 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525184504-single-psi" was finished, skipping
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240525184504] (9.78µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525182731] (9.135µs)
2024-05-29 15:24:17.956 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[bob/secretflow-task-20240528093347] (9.149µs)
2024-05-29 15:24:17.957 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240525184504] (8.414µs)
2024-05-29 15:24:17.957 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/secretflow-task-20240528093347] (14.245µs)
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525182731-single-psi" was finished, skipping
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240525184504-single-psi" was finished, skipping
2024-05-29 15:24:18.029 INFO kusciatask/controller.go:547 KusciaTask "cross-domain/secretflow-task-20240528093347-single-psi" was finished, skipping
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (30.445µs)
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/bob-alice] (13.882µs)
2024-05-29 15:24:19.155 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[bob-alice] (218.878µs)
2024-05-29 15:24:19.159 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (4.486918ms)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-dp-table] (30.81µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/bob-table] (5.402µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/alice-table] (2.144µs)
2024-05-29 15:24:20.811 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-table] (87.608µs)
2024-05-29 15:24:20.820 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (23.125µs)
2024-05-29 15:24:20.820 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-ab1465f97692a74820fba0f41b2fb6a6] (21.484µs)
2024-05-29 15:24:20.824 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (4.449333ms)

maclarencn · 2024-05-29T07:54:36Z

maclarencn · 2024-05-29T07:54:59Z

kusciaapi-server.key内容见comment

maclarencn · 2024-05-29T07:58:27Z

[root@cm-dssn-node1 secu]# openssl rsa -in kusciaapi-server.key -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6wJ3tI9yuayZB/EvwJp1y36ifg3xIzd/Txvr0woEiXxtSJwC
FHH7UQmxoeFofa5p9dokDuIe0iD1vaeU2UNtXb9E8+V5tlLbWzgP8WuigmvkIFQm
bMNGbgMT6CoElnJQk7EJ9i9Eo/FYVrBAWXOWyFEnChJBgz0a9XNM1QGy3/BK6zn+
yguHKOOPZYVMFWxiNPaHTXVAWUcBgEawfpegrEHv3YynwstAfo74SPyxDjIOQ9zS
SDUxlrD5bkKLPogGpHp9CmtHB5910zucR8HxIG2K+dHnGm1DHFBJGqWfQb+yI3OY
oX9rBFVMNFq8/6Cek4+rjxpjQFRC/3M11QBO4wIDAQABAoIBAGciYRg7b9SuO0Zy
AUvcPV+9xl/djHqxC0zTaw3lspIHqgoYdQ017F3nDC6HtoyZc2Tyg6qIb5A16MJ/
feJPJfrjSsZiaaSq/hstIkoHu3zTDn1lkKtgk1MKRL05W2QO7O+z3TROECiGbQc2
ODdJc92bR6+yzU9kDKW1IP3FzhNaEKUsHOdQ4Uv3Bq1XKudGUcQa8ZxBGKBHMdu9
1NoKTGTdXgHtIPx9hXCOXnZ2B4GIyghn0PkYgVE4v/pT6AnY80zrqr+C0uPwrm5x
WnOQWu+dX/wSVpOAeike+EV07qCpvGfKVd1TcWU/H4vsyisZLecF28OFRNQB343q
SS+bnrECgYEA8QsaOjUmwHRLShTtG//XdBP3AffdkmzObWjS8vNKajLANkZU9ACp
G+HA7xTMM3INmpXqYs0/kpoBrVZFuJN7bZaUWEUuGUAv1FKDIMFXbAHAQDYhCaZf
vzaA5HukVhxyVYPia6OIAmgP33ZcTfAaJRV6mqrJeOUZjx1bxGHWofkCgYEA+ZeF
cVPJAjo4xpa+g1uKityfqQQ2uzx3IqQJTnq1e8RbXPAsIblVsGIhq0YTcDM5b2xQ
FDOxutl0SD9wBklzUoP2HWhlpdiQtl2Snm0oLUSOewV3SbnPGtWlFVh0T9V79Sdx
OXTV9hyJvcjpj28yy/wRf6SVxSFSixVIRdhXbrsCgYA5+OOb8ECbtNyOuq20ODoH
Tu3vaT+/AbA8HCPwDpdtJzuXUh8IeEgzzn3qgmQCU4H2FexDSv3pMmUI3WDzXXUo
DDktaaYGqKtYM2gaLqXp8hnc16fmfD8269LgIOSLWVgePRPts2z4tzJqGjtk+0Qu
exX7sOu3ydH126fAeY93cQKBgQCFPrHbpVobGU/0HMfKQpV8unl19qztWkNTt/TL
89BtKY+I1yMIQfQP/ONyly+LZ51S8aTylAJe+PYOF+fLQ20QcShz3KbfWfUvllbO
wwF+4SmbXXioYEzDS6kc8yLs99B8OTlF7izHfca/DcI6c6fPpFsHJKtcGQUDATKb
LvrGPwKBgQDt61O1w7Tgl4eeudfnaHASIyl04Hwaq+ldGoDyGe1uAYymqHiJjzC+
Dt2itQpAECrxTd9EVOSZXfSpduDdofdojzU8Rp3lDhyotJblBIePueV2bTU2W+B2
K73QnryggypTWCc7fOmiuIlc1gCH16O3TiDZks4tkYTIGBD8W8d2+w==
-----END RSA PRIVATE KEY-----
[root@cm-dssn-node1 secu]#

wenkesong-li · 2024-05-29T08:02:10Z

你好，调用时使用的证书是否从容器内copy出来的，路径是否正确，文件是否有权限

gshilei · 2024-05-30T07:20:26Z

Hi @maclarencn
麻烦使用以下命令贴下输出结果：
ls -lh /etc/kusciaapi*
ls -lh /etc/ca.crt
ls -lh /etc/token

gshilei self-assigned this May 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM #330

调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM #330

maclarencn commented May 29, 2024

maclarencn commented May 29, 2024

maclarencn commented May 29, 2024

maclarencn commented May 29, 2024

wenkesong-li commented May 29, 2024

gshilei commented May 30, 2024

调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM #330

调用job query接口，返回unable to set private key file: '/etc/kusciaapi-server.key' type PEM #330

Comments

maclarencn commented May 29, 2024

Issue Type

Search for existing issues similar to yours

OS Platform and Distribution

Kuscia Version

Deployment

deployment Version

App Running type

App Running version

Configuration file used to run kuscia.

What happend and What you expected to happen.

Kuscia log output.

maclarencn commented May 29, 2024

maclarencn commented May 29, 2024

maclarencn commented May 29, 2024

wenkesong-li commented May 29, 2024

gshilei commented May 30, 2024