Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
Co-authored-by: Cursor <cursoragent@cursor.com>
2.2 KiB
2.2 KiB
Authentication Error Fix - "invalid PVE ticket"
Date: 2025-12-13
Status: 🔧 FIXING
Issue
Symptom
- Error: "401 permission denied - invalid PVE ticket"
- Frequency: Intermittent to continuous
- Impact: BLOCKS ALL VM CREATION
- Affected: Both ML110-01 and R630-01 nodes
Error Details
GET /nodes/r630-01/status failed: 401 permission denied - invalid PVE ticket
node r630-01 is not reachable or unhealthy
Root Cause Analysis
Previous Fix Applied
- Changed from
req.AddCookie()toreq.Header.Set("Cookie", ...) - Reason:
AddCookie()automatically URL-encodes values, breaking token format
Current Status
- Code fix is in place ✅
- Provider rebuilt and restarted ✅
- But errors still occurring ⚠️
Possible Causes
- Provider not using latest code - Pod may be using old image
- Token format issue - Token may not be in correct format
- Token validity - Token may be expired or invalid
- Cookie header format - May need different format
Investigation Steps
1. Verify Token Validity
- Test token manually with curl
- Verify token works with both endpoints
- Check token format matches Proxmox expectations
2. Verify Code Fix
- Check if Cookie header fix is in code
- Verify provider is using latest image
- Ensure provider pod restarted with new image
3. Test Authentication
- Test token with exact format from controller
- Verify Cookie header is set correctly
- Check HTTP request format
Fix Applied
Code Changes
- File:
crossplane-provider-proxmox/pkg/proxmox/http_client.go - Change:
req.AddCookie()→req.Header.Set("Cookie", fmt.Sprintf("PVEAuthCookie=%s", c.token))
Provider Rebuild
- Rebuilt provider image
- Loaded into kind cluster
- Restarted provider pod
Verification
After Fix
- Check authentication errors (should be 0)
- Verify node health checks pass
- Monitor VM creation progress
Next Steps
- ✅ Verify token is valid
- ✅ Test token manually
- ✅ Rebuild provider with latest code
- ✅ Restart provider pod
- ⏳ Monitor for resolution
Last Updated: 2025-12-13
Status: 🔧 FIXING - VERIFYING RESULTS