Canonical Juju

Bug #1783340
Comment #2

Comment 2 for bug 1783340

Revision history for this message

Heather Lanigan (hmlanigan) wrote on 2018-08-02:

The PR above has been landed. The current error is:

$ juju restore-backup -m controller --file /tmp/juju-backup-nagios-1.tgz --debug
...
10:34:38 DEBUG juju.api.backups restore.go:183 Attempting finishRestore
10:34:38 INFO juju.juju api.go:67 connecting to API addresses: [10.63.22.57:17070]
10:34:46 DEBUG juju.api apiclient.go:855 error dialing websocket: x509: certificate signed by unknown authority
10:34:46 DEBUG juju.rpc server.go:325 error closing codec: write tcp 10.63.22.1:36666->10.63.22.57:17070: i/o timeout
ERROR could not finish restore process: : unable to connect to API: x509: certificate signed by unknown authority
10:34:46 DEBUG cmd supercommand.go:459 error stack:
x509: certificate signed by unknown authority
github.com/juju/juju/api/apiclient.go:890:
github.com/juju/juju/api/apiclient.go:856: unable to connect to API
github.com/juju/juju/api/apiclient.go:752:
github.com/juju/juju/api/apiclient.go:597:
github.com/juju/juju/api/apiclient.go:197:
github.com/juju/juju/juju/api.go:72:
github.com/juju/juju/cmd/juju/backups/backups.go:76:
github.com/juju/juju/cmd/juju/backups/restore.go:145:
github.com/juju/juju/api/backups/restore.go:187:
github.com/juju/juju/api/backups/restore.go:164: could not finish restore process:
github.com/juju/juju/cmd/juju/backups/restore.go:200:
$
$ juju status
ERROR unable to connect to API: x509: certificate signed by unknown authority

Additional info from @akremenetsky (via pr) on next steps:

As for the error that you see. This occurs due to an incorrect certificate on the client side. When you did "bootstrap" command (number 5 from QA steps), a new certificates is generated on the client side. Then you perform the "restore-backup" command. Juju controller sets a certificate that was in the backup file but on the client side no changes occur. The client uses the certificate that "bootstrap" command generated. As result incorrect cert. on the client.
A possible solution. The "restore-backup" command should update certificates on the client side as well.

The PR above has been landed.  The current error is:

$ juju restore-backup -m controller --file /tmp/juju-backup-nagios-1.tgz --debug
...
10:34:38 DEBUG juju.api.backups restore.go:183 Attempting finishRestore
10:34:38 INFO juju.juju api.go:67 connecting to API addresses: [10.63.22.57:17070]
10:34:46 DEBUG juju.api apiclient.go:855 error dialing websocket: x509: certificate signed by unknown authority
10:34:46 DEBUG juju.rpc server.go:325 error closing codec: write tcp 10.63.22.1:36666->10.63.22.57:17070: i/o timeout
ERROR could not finish restore process: : unable to connect to API: x509: certificate signed by unknown authority
10:34:46 DEBUG cmd supercommand.go:459 error stack:
x509: certificate signed by unknown authority
github.com/juju/juju/api/apiclient.go:890:
github.com/juju/juju/api/apiclient.go:856: unable to connect to API
github.com/juju/juju/api/apiclient.go:752:
github.com/juju/juju/api/apiclient.go:597:
github.com/juju/juju/api/apiclient.go:197:
github.com/juju/juju/juju/api.go:72:
github.com/juju/juju/cmd/juju/backups/backups.go:76:
github.com/juju/juju/cmd/juju/backups/restore.go:145:
github.com/juju/juju/api/backups/restore.go:187:
github.com/juju/juju/api/backups/restore.go:164: could not finish restore process: 
github.com/juju/juju/cmd/juju/backups/restore.go:200:
$
$ juju status
ERROR unable to connect to API: x509: certificate signed by unknown authority

Additional info from @akremenetsky (via pr) on next steps: