Brief Description ------------------------------------------------------------------------------ DC Debian - Subcloud experienced a configuration failure: Cannot install ssl-ca certificate with same subject subcloud state: [sysadmin@controller-0 ~(keystone_admin)]$ dcmanager subcloud list +----+-----------+------------+--------------+---------------+---------+---------------+-----------------+ | id | name | management | availability | deploy status | sync | backup status | backup datetime | +----+-----------+------------+--------------+---------------+---------+---------------+-----------------+ | 2 | subcloud4 | managed | online | complete | in-sync | None | None | +----+-----------+------------+--------------+---------------+---------+---------------+-----------------+ system host-list +----+--------------+-------------+----------------+-------------+--------------+ | id | hostname | personality | administrative | operational | availability | +----+--------------+-------------+----------------+-------------+--------------+ | 1 | controller-0 | controller | unlocked | enabled | degraded | +----+--------------+-------------+----------------+-------------+--------------+ ssl-ca error: sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject Please uninstall the following CA certs that have the same subject first UUID : 4ae8e601-5290-4dec-a043-f73dea286051 certificate list: [sysadmin@controller-0 ~(keystone_admin)]$ system certificate-list +--------------------------------------+----------+---------------------------+-------------------------+ | uuid | certtype | expiry_date | subject | +--------------------------------------+----------+---------------------------+-------------------------+ | 4ae8e601-5290-4dec-a043-f73dea286051 | ssl_ca | 2032-09-07T17:46:14+00:00 | O=Internet Widgits P... | | c09539ba-3bc8-441e-8dbb-f5378e1cf18a | ssl_ca | 2032-09-10T21:44:43+00:00 | CN=starlingx | +--------------------------------------+----------+---------------------------+-------------------------+ [sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 4ae8e601-5290-4dec-a043-f73dea286051 +-------------+-----------------------------------------------+ | Property | Value | +-------------+-----------------------------------------------+ | uuid | 4ae8e601-5290-4dec-a043-f73dea286051 | | certtype | ssl_ca | | signature | ssl_ca_10076021394652733954 | | start_date | 2021-06-21T17:46:14+00:00 | | expiry_date | 2032-09-07T17:46:14+00:00 | | subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU | +-------------+-----------------------------------------------+ Severity ------------------------------------------------------------------------------ Steps to Reproduce ------------------------------------------------------------------------------ Run remote subcloud install Expected Behavior Subcloud should be deployed/configured successfully Actual Behavior controller-0 of the subcloud experienced a configuration failure Reproducibility ------------------------------------------------------------------------------ 100% System Configuration DC labs / subclouds Load info (eg: 2022-03-10_20-00-07) 22.12_Debian_09-12-2022 Last Pass 22.12_Debian_09-08-2022 [sysadmin@controller-0 ~(keystone_admin)]$ system application-list +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ | application | version | manifest name | manifest file | status | progress | +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ | cert-manager | 1.0-1 | cert-manager-fluxcd-manifests | fluxcd-manifests | applied | completed | | nginx-ingress-controller | 1.0-1 | nginx-ingress-controller-fluxcd-manifests | fluxcd-manifests | applied | completed | | oidc-auth-apps | 1.0-1 | oidc-auth-apps-fluxcd-manifests | fluxcd-manifests | uploaded | completed | | platform-integ-apps | 1.0-1 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed | +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ [sysadmin@controller-0 ~(keystone_admin)]$ [sysadmin@controller-0 ~(keystone_admin)]$ system certificate-show 5c27fe91-980a-40f8-b094-c7a01345a5bd +-------------+-----------------------------------------------+ | Property | Value | +-------------+-----------------------------------------------+ | uuid | 5c27fe91-980a-40f8-b094-c7a01345a5bd | | certtype | ssl_ca | | signature | ssl_ca_10076021394652733954 | | start_date | 2021-06-21T17:46:14+00:00 | | expiry_date | 2032-09-07T17:46:14+00:00 | | subject | O=Internet Widgits Pty Ltd,ST=Some-State,C=AU | +-------------+-----------------------------------------------+ [sysadmin@controller-0 ~(keystone_admin)]$ system host-list +----+--------------+-------------+----------------+-------------+--------------+ | id | hostname | personality | administrative | operational | availability | +----+--------------+-------------+----------------+-------------+--------------+ | 1 | controller-0 | controller | unlocked | enabled | available | +----+--------------+-------------+----------------+-------------+--------------+ [sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list +----------+---------------------------------------------------------------------+--------------------+----------+--------------+ | Alarm ID | Reason Text | Entity ID | Severity | Time Stamp | +----------+---------------------------------------------------------------------+--------------------+----------+--------------+ | 100.119 | controller-0 Precision Time Protocol (PTP) clocking is out of | host=controller-0. | major | 2022-09-14T1 | | | tolerance by more than 1 second | instance= | | 6:56:19. | | | | ptpinstance1.ptp= | | 986629 | | | | out-of-tolerance | | | | | | | | | | 100.119 | controller-0 is not locked to remote PTP Grand Master | host=controller-0. | major | 2022-09-13T1 | | | | instance= | | 3:53:19. | | | | ptpinstance2.ptp= | | 832884 | | | | no-lock | | | | | | | | | +----------+---------------------------------------------------------------------+--------------------+----------+--------------+ Timestamp/Logs sysinv 2022-09-14 15:08:33.849 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-33 mode=ssl_ca sysinv 2022-09-14 15:08:33.855 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14 sysinv 2022-09-14 15:08:33.856 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject Please uninstall the following CA certs that have the same subject first UUID : 4ae8e601-5290-4dec-a043-f73dea286051 sysinv 2022-09-14 15:08:34.861 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate certificate_do_post_start_2022-09-14-15-08-34 mode=ssl_ca sysinv 2022-09-14 15:08:34.869 120500 INFO sysinv.api.controllers.v1.certificate [-] certificate is not valid before 2021-06-21 17:46:14 nor after 2032-09-07 17:46:14 sysinv 2022-09-14 15:08:34.870 120500 ERROR sysinv.api.controllers.v1.certificate [-] Cannot install certificate with same subject Please uninstall the following CA certs that have the same subject first Alarms ------------------------------------------------------------------------------ [sysadmin@controller-0 ~(keystone_admin)]$ fm alarm-list +----------+---------------------------------------------------------------------+-------------------+----------+--------------+ | Alarm ID | Reason Text | Entity ID | Severity | Time Stamp | +----------+---------------------------------------------------------------------+-------------------+----------+--------------+ | 200.011 | controller-0 experienced a configuration failure. | host=controller-0 | critical | 2022-09-13T2 | | | | | | 2:17:04. | | | | | | 522578 | | | | | | | +----------+---------------------------------------------------------------------+-------------------+----------+--------------+ Test Activity ------------------------------------------------------------------------------ Feature Testing - subcloud deploy