Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oracle/oci: work request did not succeed #2090

Open
Yingwenxushe opened this issue Apr 11, 2024 · 3 comments
Open

oracle/oci: work request did not succeed #2090

Yingwenxushe opened this issue Apr 11, 2024 · 3 comments
Labels
awaiting-affected-resources Please Provide the affected resource name in description. ex. Affected resource - oci_core_instance bug

Comments

@Yingwenxushe
Copy link

resource "time_rotating" "rotation_month_oci" {
rotation_months = 5
}

resource "random_password" "oracle_admin" {
count = var.deploy_oracle_db ? 1 : 0

length = 20
min_lower = 2
min_upper = 2
min_numeric = 2
min_special = 2
override_special = "_-"
keepers = { time = time_rotating.rotation_month_oci.id }
}

resource "azurerm_key_vault_secret" "oracle_admin" {
count = var.deploy_oracle_db ? 1 : 0

name = "nexeed-oracle-admin-pw"
value = random_password.oracle_admin[0].result
key_vault_id = var.key_vault.id
}

resource "azurerm_key_vault_key" "oracle" {
count = var.deploy_oracle_db ? 1 : 0

name = "nexeed-oracle-ssh-key"
key_vault_id = var.key_vault.id
key_type = "RSA"
key_size = 2048

key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. 
# Please remove any sensitive information from configuration files before sharing them.

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform apply

Important Factoids

References
@tf-oci-pub
Copy link
Member

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in issue description as mentioned in below format.
Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform.
Example: affected_resources = terraform

As this works through automation, request you to follow exact syntax.

@tf-oci-pub tf-oci-pub added the awaiting-affected-resources Please Provide the affected resource name in description. ex. Affected resource - oci_core_instance label Apr 11, 2024
@Yingwenxushe
Copy link
Author

i get the feedback from oracle cloud side we can't change the sys and TDE wallet passwords together, while the oci tf provider support the definition together, which will trigger an issue during the password rotation.

  | I checked the behavior at the backend and found that action of the update SshKeys is successful but the UpdateDB is failed.It is observed from the logs that failure reason is as follows."DCS-10045:Validation error encountered: Please update either sys or tde credential, not both. If both need to be updated, please run workflows separately. "Retry the update operation from UI wiith correct TDE wallet password.Verify the TDE password as below on the db systemsudo su - oracleorapki wallet display -wallet /ewallet.p12You can get the TDE wallet path from the below querySQL> select * from v$encryption_wallet; -- | --

@Yingwenxushe
Copy link
Author

Yingwenxushe commented Apr 12, 2024
edited

the terraform provider definition of sys and TDE wallet password is unique, which don't support the rotation in different place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting-affected-resources Please Provide the affected resource name in description. ex. Affected resource - oci_core_instance bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tf-oci-pub @Yingwenxushe