[stork-users] Removing a node and re-adding it back causes a certificate error

Slawek Figiel slawek at isc.org
Tue May 7 10:06:14 UTC 2024


Hello Marek!

Stork server reports that the agent introduced itself with a "bad 
certificate." Several reasons may cause it. I think you should remove 
the existing cert files and re-register the agent. Please do the 
following steps:

1. On the agent machine, remove the files in the `/var/lib/stork-agent` 
directory (you need to remove all files from the `certs` and `tokens` 
subdirectories)
2. If you manually registered the agent (by the `register` command, you 
need to call it again and restart the agent. If you used the 
self-registration flow, just restart the agent.
3. Open the Stork UI, go to the machines list, switch to the 
"Unauthorized" tab, and re-authorize the agent.

I hope it'll solve your problem.
Don't hesitate to ask for more details if you have any questions.

Regards,
Slawek Figiel

On 07/05/2024 00:05, mxhajduczenia at gmail.com wrote:
> Dear Forum,
> 
> I had two nodes added to Stork: .130 and .131 and they were working 
> correctly. Node .130 had a kernel failure due to changes I was trying to 
> apply and I did not make a copy, unfortunately. Long story short, I had 
> to re-install node .130, and then I wanted to add it back to Stork
> 
> No matter what I do, I am getting the error shown above, i.e., Cannot 
> get state of machine.
> 
> Syslog review shows only one error message following two warning messages.
> 
> May  6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06 
> 21:58:38" level="warning" msg="rpc error: code = Unavailable desc = 
> connection error: desc = \"error reading server preface: remote error: 
> tls: bad certificate\"" file="          manager.go:124  " 
> agent="172.17.129.130:8080"
> 
> May  6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06 
> 21:58:38" level="warning" msg="Failed to get state from the Stork agent; 
> the agent is still not responding" file="           grpcli.go:326  " 
> agent="172.17.129.130:8080"
> 
> May  6 21:58:38 server-kea-control stork-server[719]: time="2024-05-06 
> 21:58:38" level="warning" msg="failed to get state from agent 
> 172.17.129.130:8080: grpc manager is unable to re-establish connection 
> with the agent 172.17.129.130:8080: rpc error: code = Unavailable desc = 
> connection error: desc = \"error reading server preface: remote error: 
> tls: bad certificate\"" file="      statepuller.go:247  "
> 
> I suspect that the TLS certificate does to get cleared when the machine 
> is removed and a machine with the same IP address is re-added.
> 
> I did not find a remedy for it for now and I do not fancy a complete 
> re-install of Stork if I can avoid it.
> 
> Any suggestions on how to fix it?
> 
> Regards
> 
> Marek
> 
> 


More information about the Stork-users mailing list