Upgrade IDIM Issuers to ACA-Py v0.10.2 and Askar only images. #109
Comments
|
Response from |
|
Response from |
|
Response from |
|
do we know the states of the registries (that are failing)? if they are state=="init" nothing happens, and if they are not "active", then a new registry isn't created. |
|
Where would I get that info? |
|
Try: |
|
|
|
Sigh, ok so they can get set to decommissioned and not kick off an init new registry. What we really need to know is (and I don't know how we could now...) is the state before the rotate call. It has to be "active" when you call rotate to kick off the init process. |
|
They were |
|
Looks to me like the RevReg rotation didn’t work. I don’t see any new RevRegDefs on CandyScan Dev, where the DIDs seem to be — not on Dev or SIT. It looks like the RevRegs were decommissioned, but the new RevRegDefs were not created. |
That is the purpose of the rotate — to decommission the ones that were active, and to create new ones that become the active one. However, it looks like the creation step didn’t work in this execution. |
|
Well, someone put in a I suppose if it doesn't get back to issuing then it will be |
Yeah, the only thing I can see is that kicking off the "init" process is dependent on notifications on the event bus... which is the same no matter when it's created but any chance of a message being missed? 🤷 |
Just to be clear, it will mark other registries as "decommissioned" but will only create/init a new one if the current state is |
|
I confirmed the state by looking at the state in the |
|
Agree — they must have been active. |
|
So the fix in this case is to create new registries manually using |
OK, that sounds good and narrows it down... so more along the lines of what i put above and a hiccup on the notification...? terminal states are |
|
Sorry, not sure what all that means. |
I think so. POST body is something like this: |
just showing the key parts of the logic on rotate... if they were active then init was true and it should have kicked off the |
|
Ok, that covers the fix for our current situation. Do you want a ticket in ACA-Py for tracking the permanent fix? Would the fact that these agents are using an endorser service have anything to do with the new RevRegs not being created? i.e. messages not getting to the endorser? |
|
I hate to add more work, but can we back up DEV so we (might) have another try if this doesn’t work the first time? I think this is the right thing as well.
|
Yes — we need an ACA-Py ticket. Nice to try it in the demo as the easiest way to verify the simple process works. We can even try with an Endorser there, I think. |
|
I'll create a ticket and link to this ticket for the details. |
|
can we issue a few then rotate again? see if it repeatedly fails on dev? so can you tell if the call didn't get to the endorser? or if the call didn't get back from the endorser? A lot of workflow creating the registry. |
A backup is not going to help much if things get written tot he ledger. |
|
active record is oldest published but not full. |
|
Best way to |
|
that would be the way. just to be clear |
|
OK, the Active: Full: Decommisioned: Ledger txns: |
|
On to fix upgrade and fix the |
|
nice work @WadeBarnes ! |
Thanks for the help! |
|
IDIM is experiencing errors when publishing revocations to the new RegRegs. They are not having any issues publishing revocations to the decommissioned registry. @marcos-carretero, @swcurran, @usingtechnology, @esune, @shaangill025 |
|
With the new RevRegs being published manually, is there a step that I could have missed? Does there need to be an initial RevRegEntry written to them? |
|
I think I missed writing the tails file. |
|
Tails files for the new registries have been published. |
New log (time in UTC): |
|
Reviewing the log in detail — the first errors in the sequence are from webhooks failing. Those occur starting at Anyone know why the messages to the controller are failing? It would be nice to get that cleaned up so we know it is not an issue. I think the attempt to fix the failure fails because the “fix” routine But that doesn’t solve why the RevRegEntry write fails in the first place. There are also a bunch of errors at start up similiar to the DID Resolution fix from yesterday, but it appears that things proceed regardless. I’ll see if we can get those looked at. |
|
Ah…the messages back to the controller are failing as 400s. I bet that the controller is giving a 404 for the messages it is not prepared to receive/doesn’t care about. Which is probably fine. So I think we can safely ignore those. |
|
I think I know what is going on. The creation of a RevReg does two writes — the RevRegDef and the first RevRegEntry that happens (usually) 3 seconds later. You can look at CandyScan here to see that. If you look at the latest ledger entries. The RevRegDefs were created along - no RevRegEntry. I think the fix is to try to rotate the RevRegs again. I hate that without really knowing, but I don’t see another option. Perhaps we take a database backup before... My guess is the partial completion of the RevReg |
|
hard to know which is empty/null/NoneType - |
|
I've confirmed the manual steps for creating the RevRegs is missing one final step, which is calling I was able to post the initial RevRegEntry for the "backup" RevReg, but not for the "active" RegRev. That leaves the new RegRegs in a state where it's best to rotate them. We can confirm this all again when I repair the |
|
After making a backup of the Response from the call was: RevReg States for Active: Decommissioned: So, the |
|
Nice work! Yes — that is the expected behaviour of rotate. That specific behaviour was discussed and agreed to when the feature was implemented. |
|
At IDIM's request I've rotated the RevRegs on the Response: State: Active: Decommissioned: |
|
Fixing Starting state of RevRegs for Posted: Decommissioned: Steps to recover the RevRegs that were created during rotation, but not written to the ledger:
End state of RevRegs for Active: Decommissioned: Registries:
|
|
At IDIM's request I've rotated the RevRegs on the
Active: Decommissioned: Txns for the new Registries:
|
|
IDIM reported testing was successful. |
|
Agents have been upgraded to ACA-Py 0.10.2 using; the py3.9-0.10.2 image:
The initial set of rotated RevRegs for Active:
Decommissioned: |
|
The IDIM Active:
Decommissioned: |
|
This is finally complete |
XpgeQa93eZvGSZBZef3PHn:3:CL:28075:PersonDEV7xjfawcnyTUcduWVysLww5:3:CL:28075:PersonSITKCxVC8GkKywjhWJnUfCmkW:3:CL:20:PersonQARGjWbW1eycP7FrMf4QJvX8:3:CL:13:PersonRelated task:
The text was updated successfully, but these errors were encountered: