Files
Sankofa/docs/proxmox/AUTHENTICATION_ERROR_FIX.md
defiQUG 33d50fb91e
Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
chore: consolidate local WIP (repo cleanup 20260707)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 09:41:34 -07:00

2.2 KiB

Authentication Error Fix - "invalid PVE ticket"

Date: 2025-12-13
Status: 🔧 FIXING


Issue

Symptom

  • Error: "401 permission denied - invalid PVE ticket"
  • Frequency: Intermittent to continuous
  • Impact: BLOCKS ALL VM CREATION
  • Affected: Both ML110-01 and R630-01 nodes

Error Details

GET /nodes/r630-01/status failed: 401 permission denied - invalid PVE ticket
node r630-01 is not reachable or unhealthy

Root Cause Analysis

Previous Fix Applied

  • Changed from req.AddCookie() to req.Header.Set("Cookie", ...)
  • Reason: AddCookie() automatically URL-encodes values, breaking token format

Current Status

  • Code fix is in place
  • Provider rebuilt and restarted
  • But errors still occurring ⚠️

Possible Causes

  1. Provider not using latest code - Pod may be using old image
  2. Token format issue - Token may not be in correct format
  3. Token validity - Token may be expired or invalid
  4. Cookie header format - May need different format

Investigation Steps

1. Verify Token Validity

  • Test token manually with curl
  • Verify token works with both endpoints
  • Check token format matches Proxmox expectations

2. Verify Code Fix

  • Check if Cookie header fix is in code
  • Verify provider is using latest image
  • Ensure provider pod restarted with new image

3. Test Authentication

  • Test token with exact format from controller
  • Verify Cookie header is set correctly
  • Check HTTP request format

Fix Applied

Code Changes

  • File: crossplane-provider-proxmox/pkg/proxmox/http_client.go
  • Change: req.AddCookie()req.Header.Set("Cookie", fmt.Sprintf("PVEAuthCookie=%s", c.token))

Provider Rebuild

  • Rebuilt provider image
  • Loaded into kind cluster
  • Restarted provider pod

Verification

After Fix

  • Check authentication errors (should be 0)
  • Verify node health checks pass
  • Monitor VM creation progress

Next Steps

  1. Verify token is valid
  2. Test token manually
  3. Rebuild provider with latest code
  4. Restart provider pod
  5. Monitor for resolution

Last Updated: 2025-12-13
Status: 🔧 FIXING - VERIFYING RESULTS