[stork-users] Removing a node and re-adding it back causes a certificate error
Slawek Figiel
slawek at isc.org
Tue May 7 10:06:14 UTC 2024
Hello Marek!
Stork server reports that the agent introduced itself with a "bad
certificate." Several reasons may cause it. I think you should remove
the existing cert files and re-register the agent. Please do the
following steps:
1. On the agent machine, remove the files in the `/var/lib/stork-agent`
directory (you need to remove all files from the `certs` and `tokens`
subdirectories)
2. If you manually registered the agent (by the `register` command, you
need to call it again and restart the agent. If you used the
self-registration flow, just restart the agent.
3. Open the Stork UI, go to the machines list, switch to the
"Unauthorized" tab, and re-authorize the agent.
I hope it'll solve your problem.
Don't hesitate to ask for more details if you have any questions.
Regards,
Slawek Figiel
On 07/05/2024 00:05, mxhajduczenia at gmail.com wrote:
> Dear Forum,
>
> I had two nodes added to Stork: .130 and .131 and they were working
> correctly. Node .130 had a kernel failure due to changes I was trying to
> apply and I did not make a copy, unfortunately. Long story short, I had
> to re-install node .130, and then I wanted to add it back to Stork
>
> No matter what I do, I am getting the error shown above, i.e., Cannot
> get state of machine.
>
> Syslog review shows only one error message following two warning messages.
>
> May 6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06
> 21:58:38" level="warning" msg="rpc error: code = Unavailable desc =
> connection error: desc = \"error reading server preface: remote error:
> tls: bad certificate\"" file=" manager.go:124 "
> agent="172.17.129.130:8080"
>
> May 6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06
> 21:58:38" level="warning" msg="Failed to get state from the Stork agent;
> the agent is still not responding" file=" grpcli.go:326 "
> agent="172.17.129.130:8080"
>
> May 6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06
> 21:58:38" level="warning" msg="failed to get state from agent
> 172.17.129.130:8080: grpc manager is unable to re-establish connection
> with the agent 172.17.129.130:8080: rpc error: code = Unavailable desc =
> connection error: desc = \"error reading server preface: remote error:
> tls: bad certificate\"" file=" statepuller.go:247 "
>
> I suspect that the TLS certificate does to get cleared when the machine
> is removed and a machine with the same IP address is re-added.
>
> I did not find a remedy for it for now and I do not fancy a complete
> re-install of Stork if I can avoid it.
>
> Any suggestions on how to fix it?
>
> Regards
>
> Marek
>
>
More information about the Stork-users
mailing list