Environment:
YugabyteDB Anywhere version >= 2.18.5.0, 2.21.0.0, 2.20.1.0
Summary
When attempting to update or rotate credentials for a cloud provider (such as Azure) in YBA, you may encounter errors due to expired client secret keys. The system might not allow editing of a cloud provider configuration that is actively in use, resulting in authentication failures and inability to update with new credentials.
Example Error from YBA Logs
YW 2024-05-20T00:20:39.579Z [DEBUG] ... ERROR get_host_info:utils.py:1106: Failed to get VM info ... with error Authentication failed: AADSTS7000222: The provided client secret keys for app '...' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ... Correlation ID: ... Timestamp: 2024-05-20 00:20:39Z
Solution
To resolve this, you need to enable the ability to edit an in-use cloud provider in YBA and then update the provider configuration with the new key and secret.
Step-by-Step Instructions
Confirm Key Rotation
- Verify that the new client secret/key has been generated in your cloud provider's portal (for example, the Azure portal).
Enable Provider Editing in YBA
- Log in to the YBA UI.
- Navigate to: Admin > Advanced > Global Configuration
- Locate and set the following runtime configuration to true: yb.ui.feature_flags.edit_in_use_provider
- Save the changes.
Edit the Cloud Provider Configuration
- Go to the Cloud Provider configuration section in the YBA UI.
- Edit the provider to update it with the new key and secret.
- Save the updated configuration.
Verify Resolution
- The authentication errors related to expired keys should be resolved.
- Confirm by checking task logs or attempting operations that require provider authentication.
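As an added example (not part of the original article or of YBA itself), the following Python sketch scans YBA log text for Azure authentication failures and reports whether any still occur after the provider was updated. The log lines are constructed from the excerpt above with placeholder values, and the function names are hypothetical; AADSTS7000215 (invalid client secret) is included to show a different failure appearing after rotation.

```python
import re
from datetime import datetime, timezone

EXPIRED_SECRET = "AADSTS7000222"  # error code from the log excerpt in this article

# Constructed sample lines modelled on that excerpt; app id and elided fields are placeholders.
SAMPLE_LOG = """\
YW 2024-05-20T00:20:39.579Z [DEBUG] ... ERROR get_host_info:utils.py:1106: Failed to get VM info ... with error Authentication failed: AADSTS7000222: The provided client secret keys for app 'APP-ID-PLACEHOLDER' are expired.
YW 2024-05-20T00:25:02.101Z [INFO] ... constructed line with no authentication failure
YW 2024-05-20T00:31:47.913Z [DEBUG] ... ERROR get_host_info:utils.py:1106: Failed to get VM info ... with error Authentication failed: AADSTS7000222: The provided client secret keys for app 'APP-ID-PLACEHOLDER' are expired.
YW 2024-05-20T00:40:10.000Z [DEBUG] ... ERROR get_host_info:utils.py:1106: Failed to get VM info ... with error Authentication failed: AADSTS7000215: Invalid client secret provided.
"""

LINE_RE = re.compile(
    r"^YW (?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+)Z .*?"
    r"Authentication failed: (?P<code>AADSTS\d+):"
)

def parse_ts(ts):
    """Parse the UTC timestamp that follows the 'YW' prefix (without the trailing Z)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)

def auth_failures(log_text):
    """Yield (timestamp, AADSTS code) for every Azure authentication failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield parse_ts(m.group("ts")), m.group("code")

def check_rotation(log_text, updated_at):
    """Split failures around the provider update time and report what remains after it."""
    before, after = [], []
    for ts, code in auth_failures(log_text):
        (after if ts > updated_at else before).append((ts, code))
    return {
        "expired_before": sum(c == EXPIRED_SECRET for _, c in before),
        "expired_after": sum(c == EXPIRED_SECRET for _, c in after),
        "other_after": sorted({c for _, c in after if c != EXPIRED_SECRET}),
        "resolved": not after,
    }

if __name__ == "__main__":
    print(check_rotation(SAMPLE_LOG, parse_ts("2024-05-20T00:30:00.000")))
```

A non-zero `expired_after` means something is still presenting the old secret, while a code listed in `other_after` points to a problem with the new credentials rather than an expiry.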
Notes
- Changing the edit_in_use_provider flag allows editing of cloud provider configurations even when they are actively in use by universes or clusters.
- This procedure should be performed during a maintenance window if possible to avoid disruption.
Troubleshooting
- If you are unable to find the feature flag, ensure your YBA version supports this configuration.
- If further errors occur after updating keys, double-check the new credentials and permissions in Azure.
Reference: SUPPORT-592