@aleksander_jachowicz Did you find any solution?
Unfortunately not. And I spent a week on an off diagnosing it. Hoping someone from Sailpoint development will have that fixed as doesn’t seem to be configuration issue.
same thing. I have sent message to developer relations team and pinged over ambassadors chat as well. Still no help. Will update you if I get any response.@developer_relations_team
2 Likes
Hey @JackSparrow @aleksander_jachowicz,
I’ve raised a ticket with the demo hub team to take a further look into the VA issues.
They suggested two commands you could run that has resolved this in the past:
va-bootstrap pair -t internal
va-bootstrap set-passphrase -t internal
I’ve heard from @JackSparrow that this did not help on his end, but I wanted to post it here in case it resolves the issue on other tenants.
4 Likes
Just for the reference, I did use these commands and that didn’t help.
2 Likes
I think you need to make sure it is paired in a ‘demo’ setting. I don’t have immediate access right now to a VA, but I believe you need to pair it so that the VA recognizes that it is a DEMO environment, hence goes to the identitynow-demo.com url
1 Like
This is what you need to do / run on the VA:
va-bootstrap reset
va-bootstrap set-passphrase -t demo
That worked for me for getting the VA setup for an *.identitynow-demo.com environment.
1 Like
Have you only tried the OVA version? Curious if you’d have the issue if you tried deploying to GCP, AWS, or Azure. I have yet to encounter it as I use the Azure image which has its own sep file. I’m assuming you are trying to deploy the OVA to vSphere then? Cluster Components shows the CCG enabled in the UI?
Tried with -demo as well.
Yes, I’m using vmware workstation pro to run the OVA files. Haven’t tried deploying on cloud. But same was working few months back. Yes, by default CCG was checked.
Thanks. I’ll see if I can reproduce using OVA.
1 Like
Subject: VA job processing locked - charon service crash loop prevents container startup
Issue Summary: The Virtual Appliance appears to have jobs locked due to the charon service repeatedly throwing an error every 30 seconds, preventing normal operation. Only 2 of 8 expected containers are running (charon and va_agent). Missing containers include: fluent/va, toolbox, ccg and on.
Error Details:
NoMethodError: undefined method `include?' for nil
/opt/sailpoint/lib/configuration.rb:499:in `write_fluent_conf'
The charon service crashes during the write_fluent_conf method when attempting to execute:
ruby
creds[:sc]['vaDownloadUrl'].include?('sptcbu') ? dev = true : dev = false
When vaDownloadUrl is nil, the .include?() method call fails, causing the Ruby script to crash. This prevents charon from completing its configuration loop, which blocks:
-
Job execution
-
Container startup
-
Normal VA operation
Root Cause: The VA is running an outdated charon image:
-
Current image on broken VA:
406205545357.dkr.ecr.us-east-1.amazonaws.com/sailpoint/charon:latest-
Image ID:
faeb1267204a -
Age: 16 months old
-
Contains the buggy code at line 499
-
-
Current image on working VAs:
706944607044.dkr.ecr.us-east-1.amazonaws.com/sailpoint/charon:current-
Image ID:
ba7e116ca558 -
Age: 2 months old
-
Bug has been fixed - no longer checks
vaDownloadUrl
-
Code Comparison:
-
Old code (line 499, broken): Checks if download URL contains ‘sptcbu’
-
New code (line 607, fixed): Checks if pod is in DEV_PODS constant -
DEV_PODS.include?(creds[:config]['pod'])
Resolution Needed: The VA needs to be updated to pull from the correct ECR registry (706944607044) and update to the current charon image that contains the bug fix.
4 Likes
I didn’t get a chance to look at it until today since I use ARM Mac and I can’t get OVA to run on a virtual Windows machine. Had to get my hands on a Windows laptop with VMWare. But there you go. Issue with the charon image being older and expecting the vaDownloadUrl. Till they fix that the va-latest won’t work for us.
Thanks @SteinerBBQ! Appreciate your detailed analysis on this. @tyler_mairose Hope this helps demo hub team to fix the issue.
Thank you @SteinerBBQ, I added your comments to the Triage ticket created!
1 Like
I run into this problem today. I could not make VA work, but got a workaround. I downloaded VA from some client tenant. It worked fine in my partner tenant.
It appears that VA images from client and partners/demo tenants are not the same.
@tyler_mairose . Any updates on the triage ticket? Want to know when the issue will be fixed
Same here. Any news?
Could you please try to create a new cluster once again? and check whether ccg is coming or not and wait for 30 mints.
Thank you.
@aleksander_jachowicz Just checking for any update?
I am also facing the same issue on the demo tenant.
