Ubuntu
ca-certificates package

error in ca_certs module

Bug #1768468 reported by Gianluca Salvo
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init
Invalid
Undecided
Unassigned
ca-certificates (Ubuntu)
New
Undecided
Unassigned

Bug Description

Hello,
I'm using cloud-init in order to customize Nutanix AHV images.
I'm using the ca_certs module to upload our private ca chain (root and intermediate) but in the log I found a log that states that
-------------------------------------------------
Cloud-init v. 18.2 running 'init-local' at Wed, 02 May 2018 08:54:58 +0000. Up 6.25 seconds.
Updating certificates in /etc/ssl/certs...
rehash: skipping cloud-init-ca-certs.pem,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
-------------------------------------------------
And the certificates are not trusted.
Ubuntu version is 18.04.

See original description
Revision history for this message
Gianluca Salvo (gianlu) wrote :
description: updated
description: updated
Revision history for this message
Ryan Harper (raharper) wrote :

Hi, I don't believe this is a cloud-init bug. Cloud-init wrote the two certificate files requested.

2018-05-02 08:55:00,913 - stages.py[DEBUG]: Running module ca-certs (<module cloudinit.config.cc_ca_certs' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_ca_certs.py'>) with frequency once-per-instance
2018-05-02 08:55:00,914 - handlers.py[DEBUG]: start: init-network/config-ca-certs: running config-ca-certs with frequency once-per-instance
2018-05-02 08:55:00,914 - util.py[DEBUG]: Writing to /var/lib/cloud/instances/44574988-144d-485a-9386-2ec4f4f545c4/sem/config_ca_certs - wb: [644] 24 bytes
2018-05-02 08:55:00,914 - helpers.py[DEBUG]: Running config-ca-certs using lock (<FileLock using file '/var/lib/cloud/instances/44574988-144d-485a-9386-2ec4f4f545c4/sem/config_ca_certs'>)
2018-05-02 08:55:00,914 - cc_ca_certs.py[DEBUG]: Adding 2 certificates
2018-05-02 08:55:00,916 - util.py[DEBUG]: Writing to /usr/share/ca-certificates/cloud-init-ca-certs.crt - wb: [644] 4545 bytes
2018-05-02 08:55:00,917 - util.py[DEBUG]: Reading from /etc/ca-certificates.conf (quiet=False)
2018-05-02 08:55:00,917 - util.py[DEBUG]: Read 5898 bytes from /etc/ca-certificates.conf
2018-05-02 08:55:00,917 - util.py[DEBUG]: Writing to /etc/ca-certificates.conf - wb: [644] 5922 bytes
2018-05-02 08:55:00,918 - cc_ca_certs.py[DEBUG]: Updating certificates
2018-05-02 08:55:00,918 - util.py[DEBUG]: Running command ['update-ca-certificates'] with allowed return codes [0] (shell=False, capture=False)
2018-05-02 08:55:01,845 - handlers.py[DEBUG]: finish: init-network/config-ca-certs: SUCCESS: config-ca-certs ran successfully

The error you show mentions a 'cloud-init-ca-certs.pem' It may be related the ca-certificates package? I'm adding the package as a task.

Revision history for this message
Ryan Harper (raharper) wrote :

I'm marking the cloud-init task invalid; I don't believe cloud-init did anything wrong; but please set the task back to New if you have new information showing that cloud-init didn't do something quite right.

Changed in cloud-init:
status: New → Invalid
Revision history for this message
James Falcon (falcojr) wrote :

Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/3168

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.