Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fingerprint_sha256 and fingerprint_sha1 empty after upgrade for user certs in /etc/stunnel/certs/ #5955

Open
stormi opened this issue Aug 28, 2024 · 5 comments
Open

fingerprint_sha256 and fingerprint_sha1 empty after upgrade for user certs in /etc/stunnel/certs/ #5955

stormi opened this issue Aug 28, 2024 · 5 comments
Assignees
@snwoods

Comments

@stormi
Copy link
Contributor

stormi commented Aug 28, 2024

I'm on XAPI 24.19.2, to which I applied this fix so that the new fingerprint fields are filled.

However, this wasn't enough, and after a XAPI restart I still have a certificate for which these fields are empty:

[19:25 xcpng-ci-83-a1 ~]# xe certificate-param-list uuid=fd7be45e-f6f2-8f39-cf9d-ef6c86e9fc82
uuid ( RO)                  : fd7be45e-f6f2-8f39-cf9d-ef6c86e9fc82
                  type ( RO): ca
                  name ( RO): sdn-controller-ca.pem
                  host ( RO): <not in database>
            not-before ( RO): 20210301T17:42:44Z
             not-after ( RO): 20480716T17:42:44Z
           fingerprint ( RO): 28:41:71:99:BF:C0:AD:7A:25:01:43:FE:6E:54:7F:26:77:04:28:83:B0:0C:4C:61:A6:C1:D7:CB:FF:B3:DD:E4
    fingerprint_sha256 ( RO): 
      fingerprint_sha1 ( RO):

I'm not very good at reading ocaml changesets, but it looks like #5786 left aside user certificates and only fixed host certificates.

It turns out this has real consequences, as our automated tests detected. Consider the following scenario.

  • Pool A was regularly updated. It has one or several user certificates, whose fingerprint_sha256 field remains empty.
  • A new host, B1, was freshly installed and also has the same user certificates
  • The user wants to join B1 to Pool A.
  • XAPI performs sanity checks on certificates, and notably it checks that certificates are consistent: a certificate present on both pools with the same name must have the same fingerprint. But recently you started checking the fingerprint_sha256, which is empty on pool A and not empty in host B1. The check fails, and the pool join fails with : "The host joining the pool has different CA certificates from the pool coordinator while using the same name, uninstall them and try again".

The relevant code for this check is here: https://github.com/xapi-project/xen-api/blob/master/ocaml/xapi/xapi_pool.ml#L764

CCing @snwoods as the committer of PR #5786.
@psafont
Copy link
Member

psafont commented Aug 29, 2024
edited
Loading

Thanks for reporting the issue, I've created CA-398341 to track this internally.

I've created a branch with an untested patch: master...psafont:xen-api:private/paus/fingers-crossed

I'm going on holidays tomorrow, so somebody else will need to pick up the work.

@stormi stormi mentioned this issue Aug 30, 2024
Merged
@stormi
Copy link
Contributor Author

stormi commented Sep 6, 2024
edited
Loading

So, we released an update with this fix, and a tester found their XAPI not starting anymore.

One year ago, they had removed a certificate manually from disk without uninstalling it cleanly from XAPI. XAPI attempts to update its metadata, but fails on the missing file.

We downgraded XAPI, ran touch /etc/stunnel/certs/sdn-controller-ca.pem because xe pool-certificate-uninstall can't remove a certificate whose file is already removed, even with --force (<---- improvement suggestion here), uninstalled the cert, then updated back. System repaired.

We probably shouldn't make XAPI startup fail in this situation.

@stormi
Copy link
Contributor Author

stormi commented Sep 6, 2024

Log extract:

Sep  6 11:15:01 xcpng-alpha xapi: [debug||0 |server_init D:79e713e28a1a|startup] task [Update shared certificate's metadata]
Sep  6 11:15:01 xcpng-alpha xapi: [debug||0 |server_init D:79e713e28a1a|dummytaskhelper] task Update shared certificate's metadata D:42d37187c25d created by task D:79e713e28a1a
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] Update shared certificate's metadata D:42d37187c25d failed with exception Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] Raised Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 1/12 xapi Raised at file ocaml/libs/xapi-stdext/lib/xapi-stdext-unix/unixext.ml, line 92
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 2/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-unix/unixext.ml, line 177
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 3/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-unix/unixext.ml, line 179
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 4/12 xapi Called from file ocaml/xapi/certificates.ml, line 282
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 5/12 xapi Called from file list.ml, line 110
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 6/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 24
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 7/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 39
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 8/12 xapi Called from file ocaml/xapi/server_helpers.ml, line 72
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 9/12 xapi Called from file ocaml/xapi/server_helpers.ml, line 94
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 10/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 24
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 11/12 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 39
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace] 12/12 xapi Called from file ocaml/libs/log/debug.ml, line 250
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 |server_init D:79e713e28a1a|backtrace]
Sep  6 11:15:01 xcpng-alpha xapi: [ warn||0 |server_init D:79e713e28a1a|startup] task [Update shared certificate's metadata] exception: Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] server_init D:79e713e28a1a failed with exception Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] Raised Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 1/15 xapi Raised at file ocaml/libs/log/debug.ml, line 267
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 2/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 24
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 3/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 39
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 4/15 xapi Called from file ocaml/xapi/server_helpers.ml, line 186
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 5/15 xapi Called from file ocaml/xapi/startup.ml, line 95
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 6/15 xapi Called from file ocaml/xapi/startup.ml, line 103
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 7/15 xapi Called from file list.ml, line 110
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 8/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 24
Sep  6 11:15:01 xcpng-alpha xapi: [debug||103 /var/lib/xcp/xapi|post_root|dummytaskhelper] task dispatch:session.slave_login D:a158125dd2cf created by task D:79e713e28a1a
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 9/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 39
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 10/15 xapi Called from file ocaml/xapi/xapi.ml, line 1081
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 11/15 xapi Called from file ocaml/xapi/server_helpers.ml, line 72
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 12/15 xapi Called from file ocaml/xapi/server_helpers.ml, line 94
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 13/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 24
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 14/15 xapi Called from file ocaml/libs/xapi-stdext/lib/xapi-stdext-pervasives/pervasiveext.ml, line 39
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 15/15 xapi Called from file ocaml/libs/log/debug.ml, line 250
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace]
Sep  6 11:15:01 xcpng-alpha xapi: [ info||103 /var/lib/xcp/xapi|session.slave_login D:66eac4ae5d62|xapi_session] Session.create trackid=8c7b1adbf956cc2269755733d4544244 pool=true uname= originator=xapi is_local_superuser=true auth_user_sid= parent=trackid=9834f5af41c964e225f24279aefe4e49
Sep  6 11:15:01 xcpng-alpha xapi: [debug||0 ||xapi] xapi top-level caught Unix_error: No such file or directory, open, /etc/stunnel/certs/sdn-controller-ca.pem
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] Raised Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace] 1/1 xapi Raised at file (Thread 0 has no backtrace table. Was with_backtraces called?, line 0
Sep  6 11:15:01 xcpng-alpha xapi: [error||0 ||backtrace]

@stormi
Copy link
Contributor Author

stormi commented Sep 11, 2024

Grepping on "startup]" also shows XAPI startup is looping:

Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [XAPI SERVER STARTING]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Parsing inventory file]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Setting stunnel timeout]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Initialising local database]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Loading DHCP leases]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Reading pool secret]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Logging xapi version info]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Setting signal handlers]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Initialising random number generator]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Initialise TLS verification]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Running startup check]
Sep  6 11:15:23 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Registering SMAPIv1 plugins]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Initialising SMAPIv1 state]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Starting SMAPIv1 proxies]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Starting SM service]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Starting SM xapi event service]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Killing stray sparse_dd processes]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Registering http handlers]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Registering master-only http handlers]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Listening unix socket]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [starting thread Metadata VDI liveness monitor]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Checking HA configuration]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Checking for non-HA redo-log]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Setup DB configuration]
Sep  6 11:15:26 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [starting up database engine]
Sep  6 11:15:28 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [hi-level database upgrade]
Sep  6 11:15:28 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [bringing up management interface]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [starting thread Starting periodic scheduler]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Synchronising host configuration files]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Starting Host other-config watcher]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Update database state of TLS verification]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:3539931a73f8|startup] task [Update shared certificate's metadata]
Sep  6 11:15:29 xcpng-alpha xapi: [ warn||0 |server_init D:3539931a73f8|startup] task [Update shared certificate's metadata] exception: Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [XAPI SERVER STARTING]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Parsing inventory file]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Setting stunnel timeout]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Initialising local database]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Loading DHCP leases]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Reading pool secret]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Logging xapi version info]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Setting signal handlers]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Initialising random number generator]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Initialise TLS verification]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Running startup check]
Sep  6 11:15:29 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Registering SMAPIv1 plugins]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Initialising SMAPIv1 state]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Starting SMAPIv1 proxies]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Starting SM service]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Starting SM xapi event service]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Killing stray sparse_dd processes]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Registering http handlers]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Registering master-only http handlers]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Listening unix socket]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [starting thread Metadata VDI liveness monitor]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Checking HA configuration]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Checking for non-HA redo-log]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Setup DB configuration]
Sep  6 11:15:31 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [starting up database engine]
Sep  6 11:15:33 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [hi-level database upgrade]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [bringing up management interface]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [starting thread Starting periodic scheduler]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Synchronising host configuration files]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Starting Host other-config watcher]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Update database state of TLS verification]
Sep  6 11:15:34 xcpng-alpha xapi: [debug||0 |server_init D:2a9d9c931400|startup] task [Update shared certificate's metadata]
Sep  6 11:15:34 xcpng-alpha xapi: [ warn||0 |server_init D:2a9d9c931400|startup] task [Update shared certificate's metadata] exception: Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [XAPI SERVER STARTING]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Parsing inventory file]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Setting stunnel timeout]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Initialising local database]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Loading DHCP leases]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Reading pool secret]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Logging xapi version info]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Setting signal handlers]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Initialising random number generator]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Initialise TLS verification]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Running startup check]
Sep  6 11:15:35 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Registering SMAPIv1 plugins]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Initialising SMAPIv1 state]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Starting SMAPIv1 proxies]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Starting SM service]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Starting SM xapi event service]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Killing stray sparse_dd processes]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Registering http handlers]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Registering master-only http handlers]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Listening unix socket]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [starting thread Metadata VDI liveness monitor]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Checking HA configuration]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Checking for non-HA redo-log]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Setup DB configuration]
Sep  6 11:15:37 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [starting up database engine]
Sep  6 11:15:39 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [hi-level database upgrade]
Sep  6 11:15:39 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [bringing up management interface]
Sep  6 11:15:40 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [starting thread Starting periodic scheduler]
Sep  6 11:15:40 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Synchronising host configuration files]
Sep  6 11:15:40 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Starting Host other-config watcher]
Sep  6 11:15:40 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Update database state of TLS verification]
Sep  6 11:15:40 xcpng-alpha xapi: [debug||0 |server_init D:e4e7c3d94289|startup] task [Update shared certificate's metadata]
Sep  6 11:15:40 xcpng-alpha xapi: [ warn||0 |server_init D:e4e7c3d94289|startup] task [Update shared certificate's metadata] exception: Unix.Unix_error(Unix.ENOENT, "open", "/etc/stunnel/certs/sdn-controller-ca.pem")

@snwoods snwoods self-assigned this Sep 18, 2024
@snwoods snwoods mentioned this issue Sep 18, 2024
Merged
@snwoods
Copy link
Contributor

snwoods commented Sep 18, 2024

Hi, thank you for reporting this and the suggestion for using --force! I have incorporated both a fix for this issue and new --force functionality into this PR: #6006

github-merge-queue bot pushed a commit that referenced this issue Oct 22, 2024
@psafont
CA-398341: Populate fingerprints of CA certificates on startup (#6006)
97aa03f 
Also CP-51527: Add --force option to pool-uninstall-ca-certificate.

Addresses the issues raised here by @stormi
#5955
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@snwoods snwoods

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stormi @snwoods @psafont