<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>You might be onto something but that still would be something extremely hard to prove either way </span><span style='font-size:11.0pt;font-family:"Segoe UI Emoji",sans-serif'>😊</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Justin Krejci <JKrejci@usinternet.com> <br><b>Sent:</b> Wednesday, May 8, 2024 7:21 PM<br><b>To:</b> mxhajduczenia@gmail.com; 'Slawek Figiel' <slawek@isc.org><br><b>Cc:</b> stork-users@lists.isc.org<br><b>Subject:</b> RE: [stork-users] Removing a node and re-adding it back causes a certificate error<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>There were a couple X class solar flares (highest strength category) and a CME from the sun that were hitting the Earth over the past 3 or 4 days. Perhaps you had some RAM corruption from these cosmic rays and a full reboot cleared all the RAM. Just speculation. <o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>-------- Original message --------<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From: <a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Date: 5/8/24 6:27 PM (GMT-06:00) <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>To: 'Slawek Figiel' <<a href="mailto:slawek@isc.org">slawek@isc.org</a>> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Cc: <a href="mailto:stork-users@lists.isc.org">stork-users@lists.isc.org</a> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Subject: Re: [stork-users] Removing a node and re-adding it back causes a certificate error <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><div><p class=MsoNormal><span style='font-size:11.0pt'>Just to close my saga off – I rebooted the Stork server VM today and … everything seems fine now. I am stumped, honestly, since nothing has changed in terms of networking / connectivity / configuration. It just started working out of the blue. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Not a good result, honestly, since something got fixed during the reboot but I do not know what </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><img border=0 width=1634 height=234 style='width:17.0208in;height:2.4375in' id="Picture_x0020_1" src="cid:image001.png@01DAA17D.267819C0"><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Marek </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, May 7, 2024 10:47 AM<br><b>To:</b> Slawek Figiel <<a href="mailto:slawek@isc.org">slawek@isc.org</a>><br><b>Cc:</b> <a href="mailto:stork-users@lists.isc.org">stork-users@lists.isc.org</a><br><b>Subject:</b> Re: [stork-users] Removing a node and re-adding it back causes a certificate error </span><o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p><div><div><div><p class=MsoNormal>I did go with the recommendation and even though I am 100% sure I have IP reachability, the registration process with server token fails. <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>root@server-kea-node1:/home/ace# ping 172.17.129.133<br>PING 172.17.129.133 (172.17.129.133) 56(84) bytes of data.<br>64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=1 ttl=64 time=0.074 ms<br>64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=2 ttl=64 time=0.063 ms<br>64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=3 ttl=64 time=0.147 ms<br>^C<br>--- 172.17.129.133 ping statistics ---<br>3 packets transmitted, 3 received, 0% packet loss, time 2054ms<br>rtt min/avg/max/mdev = 0.063/0.094/0.147/0.037 ms <o:p></o:p></p></div><div><p class=MsoNormal>root@server-kea-node1:/home/ace# sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=d32s6nxs&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.133%3A8080">http://172.17.129.133:8080</a>'<br>>>>> Server access token (optional): <br>>>>> IP address or FQDN of the host with Stork Agent (for the Stork Server connection) [server-kea-node1]: 172.17.129.130<br>>>>> Port number that Stork Agent will listen on [8080]: <br>INFO[2024-05-07 16:44:26] register.go:84 Forced agent certificates regeneration. <br>INFO[2024-05-07 16:44:26] register.go:406 ============================================================================= <br>INFO[2024-05-07 16:44:26] register.go:407 AGENT TOKEN: E9EE6D836E249B0E9A8898E638DECFCAD35A6577A70672E8F639D4A46CEBC211 <br>INFO[2024-05-07 16:44:26] register.go:408 ============================================================================= <br>INFO[2024-05-07 16:44:26] register.go:413 Machine will be automatically registered using the server token <br>INFO[2024-05-07 16:44:26] register.go:414 Agent token is printed above for informational purposes only <br>INFO[2024-05-07 16:44:26] register.go:415 User does not need to copy or verify the agent token during registration via the server token <br>INFO[2024-05-07 16:44:26] register.go:416 It will be sent to the server but it is not directly used in this type of machine registration <br>INFO[2024-05-07 16:44:26] register.go:425 Try to register agent in Stork Server <br>INFO[2024-05-07 16:44:26] register.go:262 Machine registered <br>INFO[2024-05-07 16:44:26] register.go:283 Stored agent-signed cert and CA cert <br>ERRO[2024-05-07 16:44:26] register.go:454 Retrying ping 1/3 due to error error="problem pinging machine: Cannot ping machine"<br>ERRO[2024-05-07 16:44:28] register.go:454 Retrying ping 2/3 due to error error="problem pinging machine: Cannot ping machine"<br>ERRO[2024-05-07 16:44:32] register.go:459 Cannot ping machine error="problem pinging machine: Cannot ping machine"<br>FATA[2024-05-07 16:44:32] main.go:217 Registration failed <o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>I did try to add the --server-token flag but the net result is the same <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><p class=MsoNormal>root@server-kea-node1:/home/ace# sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=d32s6nxs&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.133%3A8080">http://172.17.129.133:8080</a> --server-token OQYuMxkWmc3dySolt6uytLY4NrSkLWpo'<br>>>>> IP address or FQDN of the host with Stork Agent (for the Stork Server connection) [server-kea-node1]: 172.17.129.130<br>>>>> Port number that Stork Agent will listen on [8080]: <br>INFO[2024-05-07 16:46:52] register.go:84 Forced agent certificates regeneration. <br>INFO[2024-05-07 16:46:52] register.go:406 ============================================================================= <br>INFO[2024-05-07 16:46:52] register.go:407 AGENT TOKEN: D43AA9AA37F03B1D24A0ADC9CB23E4137FCC284429A1CC87AE397CC78E3DE4FC <br>INFO[2024-05-07 16:46:52] register.go:408 ============================================================================= <br>INFO[2024-05-07 16:46:52] register.go:413 Machine will be automatically registered using the server token <br>INFO[2024-05-07 16:46:52] register.go:414 Agent token is printed above for informational purposes only <br>INFO[2024-05-07 16:46:52] register.go:415 User does not need to copy or verify the agent token during registration via the server token <br>INFO[2024-05-07 16:46:52] register.go:416 It will be sent to the server but it is not directly used in this type of machine registration <br>INFO[2024-05-07 16:46:52] register.go:425 Try to register agent in Stork Server <br>INFO[2024-05-07 16:46:52] register.go:262 Machine registered <br>INFO[2024-05-07 16:46:52] register.go:283 Stored agent-signed cert and CA cert <br>ERRO[2024-05-07 16:46:52] register.go:454 Retrying ping 1/3 due to error error="problem pinging machine: Cannot ping machine"<br>ERRO[2024-05-07 16:46:54] register.go:454 Retrying ping 2/3 due to error error="problem pinging machine: Cannot ping machine"<br>ERRO[2024-05-07 16:46:58] register.go:459 Cannot ping machine error="problem pinging machine: Cannot ping machine" <o:p></o:p></p><div><p class=MsoNormal>FATA[2024-05-07 16:46:58] main.go:217 Registration failed <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Regards <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Marek <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><p class=MsoNormal>On Tue, May 7, 2024 at 10:38<span style='font-family:"Arial",sans-serif'> </span>AM Slawek Figiel <<a href="mailto:slawek@isc.org">slawek@isc.org</a>> wrote: <o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><p class=MsoNormal>Marek,<br><br>it is interesting case. But don't worry I'm sure we will find the cause <br>of the problem soon.<br><br>I see you performed the manual registration using the "register" <br>command. Could you use this command again, but this time provide the <br>`--server-token` flag? Your server token is on the machines page.<br><br>An additional check is performed when the `--server-token` flag is used. <br>After the successful registration, the server sends the Ping request <br>over the GRPC protocol to the agent. It verifies whether the provided <br>agent host is accessible from the server machine.<br><br>If the operation fails, you must check your network configuration and <br>the IP address provided as the agent host.<br><br>I'm waiting for your feedback.<br><br>Regards,<br>Slawek<br><br>On 07/05/2024 18:25, Marek Hajduczenia wrote:<br>> Inline, please, with [mh0507] tags<br>> <br>> -----Original Message-----<br>> From: Slawek Figiel <<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a>><br>> Sent: Tuesday, May 7, 2024 10:21 AM<br>> To: Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>><br>> Cc: <a href="mailto:stork-users@lists.isc.org" target="_blank">stork-users@lists.isc.org</a><br>> Subject: Re: [stork-users] Removing a node and re-adding it back causes a certificate error<br>> <br>> Marek,<br>> <br>> > That has not solved my problem. I went through the following process<br>> ><br>> > 1. Remove the previous registration for .130 machine at Stork GUI<br>> > (Action > Remove)<br>> > 2. Remove all content from /var/lib/stork-agen/certs and<br>> > /var/lib/stork-agen/tokens<br>> > 3. Re-run registration<br>> <br>> Did you re-authorize the machine? (Machines => Unathorized => Click the Authorize button). I suppose yes but I would like to double-check.<br>> <br>> [mh0507] Correct, I did re-authorize the machine, that is part of the standard work flow covered in the documentation for Stork.<br>> <br>> > I am back where I was<br>> <br>> Hmm... Could you verify if the Stork server and Stork agent versions are the same? You can check them by `stork-server --version` and `stork-agent --version` commands.<br>> <br>> [mh0507] As requested, they are both on 1.16.0 as shown below.<br>> <br>> root@server-kea-control:/etc/stork# stork-server --version<br>> 1.16.0<br>> <br>> root@server-kea-node1:/var/lib/stork-agent# stork-agent --version<br>> 1.16.0<br>> <br>> Slawek<br>> <br>> On 07/05/2024 16:23, Marek Hajduczenia wrote:<br>>> The certs have been regenerated on the node, for what it is worth<br>>><br>>> root@server-kea-node1:/var/lib/stork-agent# ls -lah certs/ total 20K<br>>> drwx------ 2 stork-agent root 4.0K May 7 11:47 .<br>>> drwxr-xr-x 4 stork-agent root 4.0K May 6 19:08 ..<br>>> -rw------- 1 stork-agent stork-agent 664 May 7 11:47 ca.pem<br>>> -rw------- 1 stork-agent stork-agent 656 May 7 11:47 cert.pem<br>>> -rw------- 1 stork-agent stork-agent 241 May 7 11:47 key.pem<br>>><br>>> but it seems that the Stork Server side is holding onto old certs? Not<br>>> sure where they would be stored - likely in the backend DB, but I do<br>>> not want to delete things at random.<br>>><br>>> Regards<br>>><br>>> Marek<br>>><br>>> On Tue, May 7, 2024 at 5:56<span style='font-family:"Arial",sans-serif'> </span>AM Marek Hajduczenia<br>>> <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a> <mailto:<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>>> wrote:<br>>><br>>> Hi Slawek,<br>>><br>>> That has not solved my problem. I went through the following<br>>> process<br>>><br>>> 1. Remove the previous registration for .130 machine at Stork GUI<br>>> (Action > Remove)<br>>> 2. Remove all content from /var/lib/stork-agen/certs and<br>>> /var/lib/stork-agen/tokens<br>>> 3. Re-run registration<br>>><br>>> root@server-kea-node1:/var/lib/stork-agent/tokens# sudo su<br>>> stork-agent -s /bin/sh -c 'stork-agent register --server-url<br>>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=xwyir4nw&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.251%3A8080" target="_blank">http://172.17.129.251:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=xwyir4nw&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.251%3A8080" target="_blank">http://172.17.129.251:8080</a>>'<br>>> >>>> Server access token (optional):<br>>> >>>> IP address or FQDN of the host with Stork Agent (for the Stork<br>>> Server connection) [server-kea-node1]: 172.17.129.130<br>>> >>>> Port number that Stork Agent will listen on [8080]:<br>>> INFO[2024-05-07 11:47:14] register.go:81 There are no<br>>> agent certificates - they will be generated.<br>>> INFO[2024-05-07 11:47:14] register.go:406<br>>> =============================================================================<br>>> INFO[2024-05-07 11:47:14] register.go:407 AGENT TOKEN:<br>>> B777710F0547C3EA237002537E4B18202F888F4D0F6C2C00BA105167DE1688CE<br>>> INFO[2024-05-07 11:47:14] register.go:408<br>>> =============================================================================<br>>> INFO[2024-05-07 11:47:14] register.go:411 Authorize the<br>>> machine in the Stork web UI<br>>> INFO[2024-05-07 11:47:14] register.go:425 Try to register<br>>> agent in Stork Server<br>>> INFO[2024-05-07 11:47:14] register.go:262 Machine registered<br>>> INFO[2024-05-07 11:47:14] register.go:283 Stored<br>>> agent-signed cert and CA cert<br>>> INFO[2024-05-07 11:47:14] main.go:215 Registration<br>>> completed successfully<br>>><br>>> 4. I am back where I was<br>>><br>>> image.png<br>>><br>>> I did restart the local Stork agent but that did not change<br>>> anything<br>>><br>>> root@server-kea-node1:/var/lib/stork-agent/tokens# service<br>>> isc-kea-ctrl-agent restart<br>>> root@server-kea-node1:/var/lib/stork-agent/tokens# service<br>>> isc-kea-ctrl-agent status<br>>> <span style='font-family:"Arial",sans-serif'>●</span> isc-kea-ctrl-agent.service - Kea Control Agent<br>>> Loaded: loaded<br>>> (/lib/systemd/system/isc-kea-ctrl-agent.service; enabled; vendor<br>>> preset: enabled)<br>>> Active: active (running) since Tue 2024-05-07 11:50:16 UTC; 3s ago<br>>> Docs: man:kea-ctrl-agent(8)<br>>> Main PID: 10543 (kea-ctrl-agent)<br>>> Tasks: 5 (limit: 9343)<br>>> Memory: 1.4M<br>>> CPU: 7ms<br>>> CGroup: /system.slice/isc-kea-ctrl-agent.service<br>>> <span style='font-family:"Arial",sans-serif'>└─</span>10543 /usr/sbin/kea-ctrl-agent -c<br>>> /etc/kea/kea-ctrl-agent.conf<br>>><br>>> May 07 11:50:16 server-kea-node1 systemd[1]:<br>>> isc-kea-ctrl-agent.service: Deactivated successfully.<br>>> May 07 11:50:16 server-kea-node1 systemd[1]: Stopped Kea Control Agent.<br>>> May 07 11:50:16 server-kea-node1 systemd[1]:<br>>> isc-kea-ctrl-agent.service: Consumed 48.595s CPU time.<br>>> May 07 11:50:16 server-kea-node1 systemd[1]: Started Kea Control Agent.<br>>><br>>> For what is worth, the message in the logs has changed<br>>><br>>> May 7 11:54:39 server-kea-control stork-server[719]:<br>>> time="2024-05-07 11:54:39" level="info" msg="Completed pulling lease<br>>> stats from Kea apps: 0/1 succeeded" file=" statspuller.go:71 "<br>>> May 7 11:54:39 server-kea-control stork-server[719]:<br>>> time="2024-05-07 11:54:39" level="warning" msg="rpc error: code =<br>>> Unavailable desc = connection error: desc = \"error reading server<br>>> preface: remote error: tls: bad certificate\"" file="<br>>> manager.go:124 " agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=zxbbggd5&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a><br>>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>>> May 7 11:54:39 server-kea-control stork-server[719]:<br>>> time="2024-05-07 11:54:39" level="warning" msg="Failed to get state<br>>> from the Stork agent; the agent is still not responding" file="<br>>> grpcli.go:326 " agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a><br>>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>>> May 7 11:54:39 server-kea-control stork-server[719]:<br>>> time="2024-05-07 11:54:39" level="warning" msg="failed to get state<br>>> from agent <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>: grpc<br>>> manager is unable to re-establish connection with the agent<br>>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>: rpc error: code =<br>>> Unavailable desc = connection error: desc = \"error reading server<br>>> preface: remote error: tls: bad certificate\"" file="<br>>> statepuller.go:247 "<br>>><br>>> Not sure whether it for the better or worse<br>>><br>>> Regards<br>>><br>>> Marek<br>>><br>>> On Tue, May 7, 2024 at 4:06<span style='font-family:"Arial",sans-serif'> </span>AM Slawek Figiel <<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a><br>>> <mailto:<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a>>> wrote:<br>>><br>>> Hello Marek!<br>>><br>>> Stork server reports that the agent introduced itself with a "bad<br>>> certificate." Several reasons may cause it. I think you should<br>>> remove<br>>> the existing cert files and re-register the agent. Please do the<br>>> following steps:<br>>><br>>> 1. On the agent machine, remove the files in the<br>>> `/var/lib/stork-agent`<br>>> directory (you need to remove all files from the `certs` and<br>>> `tokens`<br>>> subdirectories)<br>>> 2. If you manually registered the agent (by the `register`<br>>> command, you<br>>> need to call it again and restart the agent. If you used the<br>>> self-registration flow, just restart the agent.<br>>> 3. Open the Stork UI, go to the machines list, switch to the<br>>> "Unauthorized" tab, and re-authorize the agent.<br>>><br>>> I hope it'll solve your problem.<br>>> Don't hesitate to ask for more details if you have any questions.<br>>><br>>> Regards,<br>>> Slawek Figiel<br>>><br>>> On 07/05/2024 00:05, <a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a><br>>> <mailto:<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>> wrote:<br>>> > Dear Forum,<br>>> ><br>>> > I had two nodes added to Stork: .130 and .131 and they were<br>>> working<br>>> > correctly. Node .130 had a kernel failure due to changes I<br>>> was trying to<br>>> > apply and I did not make a copy, unfortunately. Long story<br>>> short, I had<br>>> > to re-install node .130, and then I wanted to add it back to<br>>> Stork<br>>> ><br>>> > No matter what I do, I am getting the error shown above,<br>>> i.e., Cannot<br>>> > get state of machine.<br>>> ><br>>> > Syslog review shows only one error message following two<br>>> warning messages.<br>>> ><br>>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>>> time="2024-05-06<br>>> > 21:58:38" level="warning" msg="rpc error: code = Unavailable<br>>> desc =<br>>> > connection error: desc = \"error reading server preface:<br>>> remote error:<br>>> > tls: bad certificate\"" file=" manager.go:124 "<br>>> > agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>>> ><br>>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>>> time="2024-05-06<br>>> > 21:58:38" level="warning" msg="Failed to get state from the<br>>> Stork agent;<br>>> > the agent is still not responding" file="<br>>> grpcli.go:326 "<br>>> > agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>>> ><br>>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>>> time="2024-05-06<br>>> > 21:58:38" level="warning" msg="failed to get state from agent<br>>> > <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>: grpc<br>>> manager is unable to re-establish connection<br>>> > with the agent <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a><br>>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>: rpc error: code = Unavailable desc =<br>>> > connection error: desc = \"error reading server preface:<br>>> remote error:<br>>> > tls: bad certificate\"" file=" statepuller.go:247 "<br>>> ><br>>> > I suspect that the TLS certificate does to get cleared when<br>>> the machine<br>>> > is removed and a machine with the same IP address is re-added.<br>>> ><br>>> > I did not find a remedy for it for now and I do not fancy a<br>>> complete<br>>> > re-install of Stork if I can avoid it.<br>>> ><br>>> > Any suggestions on how to fix it?<br>>> ><br>>> > Regards<br>>> ><br>>> > Marek<br>>> ><br>>> ><br>>> --<br>>> Stork-users mailing list<br>>> <a href="mailto:Stork-users@lists.isc.org" target="_blank">Stork-users@lists.isc.org</a> <mailto:<a href="mailto:Stork-users@lists.isc.org" target="_blank">Stork-users@lists.isc.org</a>><br>>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=ugchdbnv&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fstork-users" target="_blank">https://lists.isc.org/mailman/listinfo/stork-users</a><br>>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=ugchdbnv&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fstork-users" target="_blank">https://lists.isc.org/mailman/listinfo/stork-users</a>><br>>><br>> <o:p></o:p></p></blockquote></div></div></div></div></div></body></html>