2022-09-16 18:29:43 |
Reinildes Oliveira |
bug |
|
|
added bug |
2022-09-16 18:29:49 |
Reinildes Oliveira |
starlingx: assignee |
|
Reinildes Oliveira (rjosemat) |
|
2022-09-16 18:30:54 |
Reinildes Oliveira |
description |
Brief Description
------------------------------------------------------------------------------
DC Debian - Subcloud experienced a configuration failure: Cannot install ssl-ca certificate with same subject
subcloud state:
[sysadmin@controller-0 ~(keystone_admin)]$ dcmanager subcloud list
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| id | name | management | availability | deploy status | sync | backup status | backup datetime |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| 2 | subcloud4 | managed | online | complete | in-sync | None | None |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | degraded |
+----+--------------+-------------+----------------+-------------+--------------+
ssl-ca error:
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
certificate list:
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-list
+--------------------------------------+----------+---------------------------+-------------------------+
| uuid | certtype | expiry_date | subject |
+--------------------------------------+----------+---------------------------+-------------------------+
| 4ae8e601-5290-4dec-a043-f73dea286051 | ssl_ca | 2032-09-07T17:46:14+00:00 | O=Internet Widgits P... |
| c09539ba-3bc8-441e-8dbb-f5378e1cf18a | ssl_ca | 2032-09-10T21:44:43+00:00 | CN=starlingx |
+--------------------------------------+----------+---------------------------+-------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 4ae8e601-5290-4dec-a043-f73dea286051
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 4ae8e601-5290-4dec-a043-f73dea286051 |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
Severity
------------------------------------------------------------------------------
<Critical: System/Feature is not usable after the defect>
Steps to Reproduce
------------------------------------------------------------------------------
Run remote subcloud install
Expected Behavior
Subcloud should be deployed/configured successfully
Actual Behavior
controller-0 of the subcloud experienced a configuration failure
Reproducibility
------------------------------------------------------------------------------
100%
System Configuration
DC labs / subclouds
Load info (eg: 2022-03-10_20-00-07)
22.12_Debian_09-12-2022
Last Pass
22.12_Debian_09-08-2022
[sysadmin@controller-0 ~(keystone_admin)]$ system application-list
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| cert-manager | 1.0-1 | cert-manager-fluxcd-manifests | fluxcd-manifests | applied | completed |
| nginx-ingress-controller | 1.0-1 | nginx-ingress-controller-fluxcd-manifests | fluxcd-manifests | applied | completed |
| oidc-auth-apps | 1.0-1 | oidc-auth-apps-fluxcd-manifests | fluxcd-manifests | uploaded | completed |
| platform-integ-apps | 1.0-1 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
[sysadmin@controller-0 ~(keystone_admin)]$
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 5c27fe91-980a-40f8-b094-c7a01345a5bd
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 5c27fe91-980a-40f8-b094-c7a01345a5bd |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | available |
+----+--------------+-------------+----------------+-------------+--------------+
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| 100.119 | controller-0 Precision Time Protocol (PTP) clocking is out of | host=controller-0. | major | 2022-09-14T1 |
| | tolerance by more than 1 second | instance= | | 6:56:19. |
| | | ptpinstance1.ptp= | | 986629 |
| | | out-of-tolerance | | |
| | | | | |
| 100.119 | controller-0 is not locked to remote PTP Grand Master | host=controller-0. | major | 2022-09-13T1 |
| | | instance= | | 3:53:19. |
| | | ptpinstance2.ptp= | | 832884 |
| | | no-lock | | |
| | | | | |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
Timestamp/Logs
sysinv 2022-09-14 15:08:33.849 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-33 mode=ssl_ca
sysinv 2022-09-14 15:08:33.855 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
sysinv 2022-09-14 15:08:34.861 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-34 mode=ssl_ca
sysinv 2022-09-14 15:08:34.869 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:34.870 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
Alarms
------------------------------------------------------------------------------
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| 200.011 | controller-0 experienced a configuration failure. | host=controller-0 | critical | 2022-09-13T2 |
| | | | | 2:17:04. |
| | | | | 522578 |
| | | | | |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
Test Activity
------------------------------------------------------------------------------
Feature Testing - subcloud deploy |
Brief Description
-------------------------------------------
DC Debian - Subcloud experienced a configuration failure: Cannot install ssl-ca certificate with same subject
subcloud state:
[sysadmin@controller-0 ~(keystone_admin)]$ dcmanager subcloud list
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| id | name | management | availability | deploy status | sync | backup status | backup datetime |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| 2 | subcloud4 | managed | online | complete | in-sync | None | None |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | degraded |
+----+--------------+-------------+----------------+-------------+--------------+
ssl-ca error:
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
certificate list:
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-list
+--------------------------------------+----------+---------------------------+-------------------------+
| uuid | certtype | expiry_date | subject |
+--------------------------------------+----------+---------------------------+-------------------------+
| 4ae8e601-5290-4dec-a043-f73dea286051 | ssl_ca | 2032-09-07T17:46:14+00:00 | O=Internet Widgits P... |
| c09539ba-3bc8-441e-8dbb-f5378e1cf18a | ssl_ca | 2032-09-10T21:44:43+00:00 | CN=starlingx |
+--------------------------------------+----------+---------------------------+-------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 4ae8e601-5290-4dec-a043-f73dea286051
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 4ae8e601-5290-4dec-a043-f73dea286051 |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
Severity
-------------------------------------------
<Critical: System/Feature is not usable after the defect>
Steps to Reproduce
-------------------------------------------
Run remote subcloud install
Expected Behavior
Subcloud should be deployed/configured successfully
Actual Behavior
controller-0 of the subcloud experienced a configuration failure
Reproducibility
------------------------------------------------------------------------------
100%
System Configuration
DC labs / subclouds
Load info (eg: 2022-03-10_20-00-07)
22.12_Debian_09-12-2022
Last Pass
22.12_Debian_09-08-2022
[sysadmin@controller-0 ~(keystone_admin)]$ system application-list
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| cert-manager | 1.0-1 | cert-manager-fluxcd-manifests | fluxcd-manifests | applied | completed |
| nginx-ingress-controller | 1.0-1 | nginx-ingress-controller-fluxcd-manifests | fluxcd-manifests | applied | completed |
| oidc-auth-apps | 1.0-1 | oidc-auth-apps-fluxcd-manifests | fluxcd-manifests | uploaded | completed |
| platform-integ-apps | 1.0-1 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
[sysadmin@controller-0 ~(keystone_admin)]$
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 5c27fe91-980a-40f8-b094-c7a01345a5bd
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 5c27fe91-980a-40f8-b094-c7a01345a5bd |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | available |
+----+--------------+-------------+----------------+-------------+--------------+
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| 100.119 | controller-0 Precision Time Protocol (PTP) clocking is out of | host=controller-0. | major | 2022-09-14T1 |
| | tolerance by more than 1 second | instance= | | 6:56:19. |
| | | ptpinstance1.ptp= | | 986629 |
| | | out-of-tolerance | | |
| | | | | |
| 100.119 | controller-0 is not locked to remote PTP Grand Master | host=controller-0. | major | 2022-09-13T1 |
| | | instance= | | 3:53:19. |
| | | ptpinstance2.ptp= | | 832884 |
| | | no-lock | | |
| | | | | |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
Timestamp/Logs
sysinv 2022-09-14 15:08:33.849 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-33 mode=ssl_ca
sysinv 2022-09-14 15:08:33.855 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
sysinv 2022-09-14 15:08:34.861 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-34 mode=ssl_ca
sysinv 2022-09-14 15:08:34.869 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:34.870 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
Alarms
-------------------------------------------
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| 200.011 | controller-0 experienced a configuration failure. | host=controller-0 | critical | 2022-09-13T2 |
| | | | | 2:17:04. |
| | | | | 522578 |
| | | | | |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
Test Activity
-------------------------------------------
Feature Testing - subcloud deploy |
|
2022-09-16 18:34:45 |
OpenStack Infra |
starlingx: status |
New |
In Progress |
|
2022-09-16 19:16:05 |
Reinildes Oliveira |
description |
Brief Description
-------------------------------------------
DC Debian - Subcloud experienced a configuration failure: Cannot install ssl-ca certificate with same subject
subcloud state:
[sysadmin@controller-0 ~(keystone_admin)]$ dcmanager subcloud list
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| id | name | management | availability | deploy status | sync | backup status | backup datetime |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| 2 | subcloud4 | managed | online | complete | in-sync | None | None |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | degraded |
+----+--------------+-------------+----------------+-------------+--------------+
ssl-ca error:
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
certificate list:
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-list
+--------------------------------------+----------+---------------------------+-------------------------+
| uuid | certtype | expiry_date | subject |
+--------------------------------------+----------+---------------------------+-------------------------+
| 4ae8e601-5290-4dec-a043-f73dea286051 | ssl_ca | 2032-09-07T17:46:14+00:00 | O=Internet Widgits P... |
| c09539ba-3bc8-441e-8dbb-f5378e1cf18a | ssl_ca | 2032-09-10T21:44:43+00:00 | CN=starlingx |
+--------------------------------------+----------+---------------------------+-------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 4ae8e601-5290-4dec-a043-f73dea286051
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 4ae8e601-5290-4dec-a043-f73dea286051 |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
Severity
-------------------------------------------
<Critical: System/Feature is not usable after the defect>
Steps to Reproduce
-------------------------------------------
Run remote subcloud install
Expected Behavior
Subcloud should be deployed/configured successfully
Actual Behavior
controller-0 of the subcloud experienced a configuration failure
Reproducibility
------------------------------------------------------------------------------
100%
System Configuration
DC labs / subclouds
Load info (eg: 2022-03-10_20-00-07)
22.12_Debian_09-12-2022
Last Pass
22.12_Debian_09-08-2022
[sysadmin@controller-0 ~(keystone_admin)]$ system application-list
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| cert-manager | 1.0-1 | cert-manager-fluxcd-manifests | fluxcd-manifests | applied | completed |
| nginx-ingress-controller | 1.0-1 | nginx-ingress-controller-fluxcd-manifests | fluxcd-manifests | applied | completed |
| oidc-auth-apps | 1.0-1 | oidc-auth-apps-fluxcd-manifests | fluxcd-manifests | uploaded | completed |
| platform-integ-apps | 1.0-1 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
[sysadmin@controller-0 ~(keystone_admin)]$
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 5c27fe91-980a-40f8-b094-c7a01345a5bd
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 5c27fe91-980a-40f8-b094-c7a01345a5bd |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | available |
+----+--------------+-------------+----------------+-------------+--------------+
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| 100.119 | controller-0 Precision Time Protocol (PTP) clocking is out of | host=controller-0. | major | 2022-09-14T1 |
| | tolerance by more than 1 second | instance= | | 6:56:19. |
| | | ptpinstance1.ptp= | | 986629 |
| | | out-of-tolerance | | |
| | | | | |
| 100.119 | controller-0 is not locked to remote PTP Grand Master | host=controller-0. | major | 2022-09-13T1 |
| | | instance= | | 3:53:19. |
| | | ptpinstance2.ptp= | | 832884 |
| | | no-lock | | |
| | | | | |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
Timestamp/Logs
sysinv 2022-09-14 15:08:33.849 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-33 mode=ssl_ca
sysinv 2022-09-14 15:08:33.855 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
sysinv 2022-09-14 15:08:34.861 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-34 mode=ssl_ca
sysinv 2022-09-14 15:08:34.869 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:34.870 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
Alarms
-------------------------------------------
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| 200.011 | controller-0 experienced a configuration failure. | host=controller-0 | critical | 2022-09-13T2 |
| | | | | 2:17:04. |
| | | | | 522578 |
| | | | | |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
Test Activity
-------------------------------------------
Feature Testing - subcloud deploy |
Brief Description
-------------------------------------------
DC Debian - Subcloud experienced a configuration failure: Cannot install ssl-ca certificate with same subject
subcloud state:
[sysadmin@controller-0 ~(keystone_admin)]$ dcmanager subcloud list
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| id | name | management | availability | deploy status | sync | backup status | backup datetime |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
| 2 | subcloud4 | managed | online | complete | in-sync | None | None |
+----+-----------+------------+--------------+---------------+---------+---------------+-----------------+
system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | degraded |
+----+--------------+-------------+----------------+-------------+--------------+
ssl-ca error:
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
certificate list:
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-list
+--------------------------------------+----------+---------------------------+-------------------------+
| uuid | certtype | expiry_date | subject |
+--------------------------------------+----------+---------------------------+-------------------------+
| 4ae8e601-5290-4dec-a043-f73dea286051 | ssl_ca | 2032-09-07T17:46:14+00:00 | O=Internet Widgits P... |
| c09539ba-3bc8-441e-8dbb-f5378e1cf18a | ssl_ca | 2032-09-10T21:44:43+00:00 | CN=starlingx |
+--------------------------------------+----------+---------------------------+-------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 4ae8e601-5290-4dec-a043-f73dea286051
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 4ae8e601-5290-4dec-a043-f73dea286051 |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
Severity
-------------------------------------------
<Critical: System/Feature is not usable after the defect>
Steps to Reproduce
-------------------------------------------
Run remote subcloud install
Expected Behavior
Subcloud should be deployed/configured successfully
Actual Behavior
controller-0 of the subcloud experienced a configuration failure
Reproducibility
-----------------------------
100%
System Configuration
DC labs / subclouds
Load info (eg: 2022-03-10_20-00-07)
22.12_Debian_09-12-2022
Last Pass
22.12_Debian_09-08-2022
[sysadmin@controller-0 ~(keystone_admin)]$ system application-list
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
| cert-manager | 1.0-1 | cert-manager-fluxcd-manifests | fluxcd-manifests | applied | completed |
| nginx-ingress-controller | 1.0-1 | nginx-ingress-controller-fluxcd-manifests | fluxcd-manifests | applied | completed |
| oidc-auth-apps | 1.0-1 | oidc-auth-apps-fluxcd-manifests | fluxcd-manifests | uploaded | completed |
| platform-integ-apps | 1.0-1 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed |
+--------------------------+---------+-------------------------------------------+------------------+----------+-----------+
[sysadmin@controller-0 ~(keystone_admin)]$
[sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 5c27fe91-980a-40f8-b094-c7a01345a5bd
+-------------+-----------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------+
| uuid | 5c27fe91-980a-40f8-b094-c7a01345a5bd |
| certtype | ssl_ca |
| signature | ssl_ca_10076021394652733954 |
| start_date | 2021-06-21T17:46:14+00:00 |
| expiry_date | 2032-09-07T17:46:14+00:00 |
| subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU |
+-------------+-----------------------------------------------+
[sysadmin@controller-0 ~(keystone_admin)]$ system host-list
+----+--------------+-------------+----------------+-------------+--------------+
| id | hostname | personality | administrative | operational | availability |
+----+--------------+-------------+----------------+-------------+--------------+
| 1 | controller-0 | controller | unlocked | enabled | available |
+----+--------------+-------------+----------------+-------------+--------------+
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
| 100.119 | controller-0 Precision Time Protocol (PTP) clocking is out of | host=controller-0. | major | 2022-09-14T1 |
| | tolerance by more than 1 second | instance= | | 6:56:19. |
| | | ptpinstance1.ptp= | | 986629 |
| | | out-of-tolerance | | |
| | | | | |
| 100.119 | controller-0 is not locked to remote PTP Grand Master | host=controller-0. | major | 2022-09-13T1 |
| | | instance= | | 3:53:19. |
| | | ptpinstance2.ptp= | | 832884 |
| | | no-lock | | |
| | | | | |
+----------+---------------------------------------------------------------------+--------------------+----------+--------------+
Timestamp/Logs
-------------------------------------------
sysinv 2022-09-14 15:08:33.849 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-33 mode=ssl_ca
sysinv 2022-09-14 15:08:33.855 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
UUID : 4ae8e601-5290-4dec-a043-f73dea286051
sysinv 2022-09-14 15:08:34.861 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-34 mode=ssl_ca
sysinv 2022-09-14 15:08:34.869 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14
sysinv 2022-09-14 15:08:34.870 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject
Please uninstall the following CA certs that have the same subject first
Alarms
-------------------------------------------
[sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
| 200.011 | controller-0 experienced a configuration failure. | host=controller-0 | critical | 2022-09-13T2 |
| | | | | 2:17:04. |
| | | | | 522578 |
| | | | | |
+----------+---------------------------------------------------------------------+-------------------+----------+--------------+
Test Activity
-------------------------------------------
Feature Testing - subcloud deploy |
|
2022-09-16 20:48:03 |
Ghada Khalil |
tags |
|
stx.8.0 stx.distcloud stx.security |
|
2022-09-16 21:56:00 |
OpenStack Infra |
starlingx: status |
In Progress |
Fix Released |
|
2022-09-16 21:57:21 |
Ghada Khalil |
starlingx: importance |
Undecided |
Medium |
|