<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
@font-face
{font-family:Aptos}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
span.EmailStyle18
{font-family:"Aptos",sans-serif;
color:windowtext}
.MsoChpDefault
{font-size:11.0pt}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
-->
</style>
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
There were a couple X class solar flares (highest strength category) and a CME from the sun that were hitting the Earth over the past 3 or 4 days. Perhaps you had some RAM corruption from these cosmic rays and a full reboot cleared all the RAM. Just speculation.
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message --------</div>
<div>From: mxhajduczenia@gmail.com </div>
<div>Date: 5/8/24 6:27 PM (GMT-06:00) </div>
<div>To: 'Slawek Figiel' <slawek@isc.org> </div>
<div>Cc: stork-users@lists.isc.org </div>
<div>Subject: Re: [stork-users] Removing a node and re-adding it back causes a certificate error
</div>
<div><br>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Just to close my saga off – I rebooted the Stork server VM today and … everything seems fine now. I am stumped, honestly, since nothing has changed in terms of networking / connectivity / configuration. It
just started working out of the blue. </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Not a good result, honestly, since something got fixed during the reboot but I do not know what
</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span></p>
<p class="MsoNormal"><img width="1634" height="234" id="Picture_x0020_1" src="cid:image001.png@01DAA16D.03A4A540" style="width:17.0166in; height:2.4333in"><span style="font-size:11.0pt">
</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Marek </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span></p>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> Marek Hajduczenia <mxhajduczenia@gmail.com>
<br>
<b>Sent:</b> Tuesday, May 7, 2024 10:47 AM<br>
<b>To:</b> Slawek Figiel <slawek@isc.org><br>
<b>Cc:</b> stork-users@lists.isc.org<br>
<b>Subject:</b> Re: [stork-users] Removing a node and re-adding it back causes a certificate error
</span></p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<p class="MsoNormal">I did go with the recommendation and even though I am 100% sure I have IP reachability, the registration process with server token fails.
</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">root@server-kea-node1:/home/ace# ping 172.17.129.133<br>
PING 172.17.129.133 (172.17.129.133) 56(84) bytes of data.<br>
64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=1 ttl=64 time=0.074 ms<br>
64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=2 ttl=64 time=0.063 ms<br>
64 bytes from <a href="http://172.17.129.133">172.17.129.133</a>: icmp_seq=3 ttl=64 time=0.147 ms<br>
^C<br>
--- 172.17.129.133 ping statistics ---<br>
3 packets transmitted, 3 received, 0% packet loss, time 2054ms<br>
rtt min/avg/max/mdev = 0.063/0.094/0.147/0.037 ms </p>
</div>
<div>
<p class="MsoNormal">root@server-kea-node1:/home/ace# sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url
<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=d32s6nxs&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.133%3A8080">
http://172.17.129.133:8080</a>'<br>
>>>> Server access token (optional): <br>
>>>> IP address or FQDN of the host with Stork Agent (for the Stork Server connection) [server-kea-node1]: 172.17.129.130<br>
>>>> Port number that Stork Agent will listen on [8080]: <br>
INFO[2024-05-07 16:44:26] register.go:84 Forced agent certificates regeneration. <br>
INFO[2024-05-07 16:44:26] register.go:406 =============================================================================
<br>
INFO[2024-05-07 16:44:26] register.go:407 AGENT TOKEN: E9EE6D836E249B0E9A8898E638DECFCAD35A6577A70672E8F639D4A46CEBC211
<br>
INFO[2024-05-07 16:44:26] register.go:408 =============================================================================
<br>
INFO[2024-05-07 16:44:26] register.go:413 Machine will be automatically registered using the server token
<br>
INFO[2024-05-07 16:44:26] register.go:414 Agent token is printed above for informational purposes only
<br>
INFO[2024-05-07 16:44:26] register.go:415 User does not need to copy or verify the agent token during registration via the server token
<br>
INFO[2024-05-07 16:44:26] register.go:416 It will be sent to the server but it is not directly used in this type of machine registration
<br>
INFO[2024-05-07 16:44:26] register.go:425 Try to register agent in Stork Server <br>
INFO[2024-05-07 16:44:26] register.go:262 Machine registered
<br>
INFO[2024-05-07 16:44:26] register.go:283 Stored agent-signed cert and CA cert
<br>
ERRO[2024-05-07 16:44:26] register.go:454 Retrying ping 1/3 due to error error="problem pinging machine: Cannot ping machine"<br>
ERRO[2024-05-07 16:44:28] register.go:454 Retrying ping 2/3 due to error error="problem pinging machine: Cannot ping machine"<br>
ERRO[2024-05-07 16:44:32] register.go:459 Cannot ping machine error="problem pinging machine: Cannot ping machine"<br>
FATA[2024-05-07 16:44:32] main.go:217 Registration failed
</p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I did try to add the --server-token flag but the net result is the same
</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">root@server-kea-node1:/home/ace# sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url
<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=d32s6nxs&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.133%3A8080">
http://172.17.129.133:8080</a> --server-token OQYuMxkWmc3dySolt6uytLY4NrSkLWpo'<br>
>>>> IP address or FQDN of the host with Stork Agent (for the Stork Server connection) [server-kea-node1]: 172.17.129.130<br>
>>>> Port number that Stork Agent will listen on [8080]: <br>
INFO[2024-05-07 16:46:52] register.go:84 Forced agent certificates regeneration. <br>
INFO[2024-05-07 16:46:52] register.go:406 =============================================================================
<br>
INFO[2024-05-07 16:46:52] register.go:407 AGENT TOKEN: D43AA9AA37F03B1D24A0ADC9CB23E4137FCC284429A1CC87AE397CC78E3DE4FC
<br>
INFO[2024-05-07 16:46:52] register.go:408 =============================================================================
<br>
INFO[2024-05-07 16:46:52] register.go:413 Machine will be automatically registered using the server token
<br>
INFO[2024-05-07 16:46:52] register.go:414 Agent token is printed above for informational purposes only
<br>
INFO[2024-05-07 16:46:52] register.go:415 User does not need to copy or verify the agent token during registration via the server token
<br>
INFO[2024-05-07 16:46:52] register.go:416 It will be sent to the server but it is not directly used in this type of machine registration
<br>
INFO[2024-05-07 16:46:52] register.go:425 Try to register agent in Stork Server <br>
INFO[2024-05-07 16:46:52] register.go:262 Machine registered
<br>
INFO[2024-05-07 16:46:52] register.go:283 Stored agent-signed cert and CA cert
<br>
ERRO[2024-05-07 16:46:52] register.go:454 Retrying ping 1/3 due to error error="problem pinging machine: Cannot ping machine"<br>
ERRO[2024-05-07 16:46:54] register.go:454 Retrying ping 2/3 due to error error="problem pinging machine: Cannot ping machine"<br>
ERRO[2024-05-07 16:46:58] register.go:459 Cannot ping machine error="problem pinging machine: Cannot ping machine"
</p>
<div>
<p class="MsoNormal">FATA[2024-05-07 16:46:58] main.go:217 Registration failed
</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Regards </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Marek </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">On Tue, May 7, 2024 at 10:38<span style="font-family:"Arial",sans-serif"> </span>AM Slawek Figiel <<a href="mailto:slawek@isc.org">slawek@isc.org</a>> wrote:
</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<p class="MsoNormal">Marek,<br>
<br>
it is interesting case. But don't worry I'm sure we will find the cause <br>
of the problem soon.<br>
<br>
I see you performed the manual registration using the "register" <br>
command. Could you use this command again, but this time provide the <br>
`--server-token` flag? Your server token is on the machines page.<br>
<br>
An additional check is performed when the `--server-token` flag is used. <br>
After the successful registration, the server sends the Ping request <br>
over the GRPC protocol to the agent. It verifies whether the provided <br>
agent host is accessible from the server machine.<br>
<br>
If the operation fails, you must check your network configuration and <br>
the IP address provided as the agent host.<br>
<br>
I'm waiting for your feedback.<br>
<br>
Regards,<br>
Slawek<br>
<br>
On 07/05/2024 18:25, Marek Hajduczenia wrote:<br>
> Inline, please, with [mh0507] tags<br>
> <br>
> -----Original Message-----<br>
> From: Slawek Figiel <<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a>><br>
> Sent: Tuesday, May 7, 2024 10:21 AM<br>
> To: Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>><br>
> Cc: <a href="mailto:stork-users@lists.isc.org" target="_blank">stork-users@lists.isc.org</a><br>
> Subject: Re: [stork-users] Removing a node and re-adding it back causes a certificate error<br>
> <br>
> Marek,<br>
> <br>
> > That has not solved my problem. I went through the following process<br>
> ><br>
> > 1. Remove the previous registration for .130 machine at Stork GUI<br>
> > (Action > Remove)<br>
> > 2. Remove all content from /var/lib/stork-agen/certs and<br>
> > /var/lib/stork-agen/tokens<br>
> > 3. Re-run registration<br>
> <br>
> Did you re-authorize the machine? (Machines => Unathorized => Click the Authorize button). I suppose yes but I would like to double-check.<br>
> <br>
> [mh0507] Correct, I did re-authorize the machine, that is part of the standard work flow covered in the documentation for Stork.<br>
> <br>
> > I am back where I was<br>
> <br>
> Hmm... Could you verify if the Stork server and Stork agent versions are the same? You can check them by `stork-server --version` and `stork-agent --version` commands.<br>
> <br>
> [mh0507] As requested, they are both on 1.16.0 as shown below.<br>
> <br>
> root@server-kea-control:/etc/stork# stork-server --version<br>
> 1.16.0<br>
> <br>
> root@server-kea-node1:/var/lib/stork-agent# stork-agent --version<br>
> 1.16.0<br>
> <br>
> Slawek<br>
> <br>
> On 07/05/2024 16:23, Marek Hajduczenia wrote:<br>
>> The certs have been regenerated on the node, for what it is worth<br>
>><br>
>> root@server-kea-node1:/var/lib/stork-agent# ls -lah certs/ total 20K<br>
>> drwx------ 2 stork-agent root 4.0K May 7 11:47 .<br>
>> drwxr-xr-x 4 stork-agent root 4.0K May 6 19:08 ..<br>
>> -rw------- 1 stork-agent stork-agent 664 May 7 11:47 ca.pem<br>
>> -rw------- 1 stork-agent stork-agent 656 May 7 11:47 cert.pem<br>
>> -rw------- 1 stork-agent stork-agent 241 May 7 11:47 key.pem<br>
>><br>
>> but it seems that the Stork Server side is holding onto old certs? Not<br>
>> sure where they would be stored - likely in the backend DB, but I do<br>
>> not want to delete things at random.<br>
>><br>
>> Regards<br>
>><br>
>> Marek<br>
>><br>
>> On Tue, May 7, 2024 at 5:56<span style="font-family:"Arial",sans-serif"> </span>AM Marek Hajduczenia<br>
>> <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a> <mailto:<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>>> wrote:<br>
>><br>
>> Hi Slawek,<br>
>><br>
>> That has not solved my problem. I went through the following<br>
>> process<br>
>><br>
>> 1. Remove the previous registration for .130 machine at Stork GUI<br>
>> (Action > Remove)<br>
>> 2. Remove all content from /var/lib/stork-agen/certs and<br>
>> /var/lib/stork-agen/tokens<br>
>> 3. Re-run registration<br>
>><br>
>> root@server-kea-node1:/var/lib/stork-agent/tokens# sudo su<br>
>> stork-agent -s /bin/sh -c 'stork-agent register --server-url<br>
>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=xwyir4nw&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.251%3A8080" target="_blank">
http://172.17.129.251:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=xwyir4nw&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.251%3A8080" target="_blank">http://172.17.129.251:8080</a>>'<br>
>> >>>> Server access token (optional):<br>
>> >>>> IP address or FQDN of the host with Stork Agent (for the Stork<br>
>> Server connection) [server-kea-node1]: 172.17.129.130<br>
>> >>>> Port number that Stork Agent will listen on [8080]:<br>
>> INFO[2024-05-07 11:47:14] register.go:81 There are no<br>
>> agent certificates - they will be generated.<br>
>> INFO[2024-05-07 11:47:14] register.go:406<br>
>> =============================================================================<br>
>> INFO[2024-05-07 11:47:14] register.go:407 AGENT TOKEN:<br>
>> B777710F0547C3EA237002537E4B18202F888F4D0F6C2C00BA105167DE1688CE<br>
>> INFO[2024-05-07 11:47:14] register.go:408<br>
>> =============================================================================<br>
>> INFO[2024-05-07 11:47:14] register.go:411 Authorize the<br>
>> machine in the Stork web UI<br>
>> INFO[2024-05-07 11:47:14] register.go:425 Try to register<br>
>> agent in Stork Server<br>
>> INFO[2024-05-07 11:47:14] register.go:262 Machine registered<br>
>> INFO[2024-05-07 11:47:14] register.go:283 Stored<br>
>> agent-signed cert and CA cert<br>
>> INFO[2024-05-07 11:47:14] main.go:215 Registration<br>
>> completed successfully<br>
>><br>
>> 4. I am back where I was<br>
>><br>
>> image.png<br>
>><br>
>> I did restart the local Stork agent but that did not change<br>
>> anything<br>
>><br>
>> root@server-kea-node1:/var/lib/stork-agent/tokens# service<br>
>> isc-kea-ctrl-agent restart<br>
>> root@server-kea-node1:/var/lib/stork-agent/tokens# service<br>
>> isc-kea-ctrl-agent status<br>
>> ● isc-kea-ctrl-agent.service - Kea Control Agent<br>
>> Loaded: loaded<br>
>> (/lib/systemd/system/isc-kea-ctrl-agent.service; enabled; vendor<br>
>> preset: enabled)<br>
>> Active: active (running) since Tue 2024-05-07 11:50:16 UTC; 3s ago<br>
>> Docs: man:kea-ctrl-agent(8)<br>
>> Main PID: 10543 (kea-ctrl-agent)<br>
>> Tasks: 5 (limit: 9343)<br>
>> Memory: 1.4M<br>
>> CPU: 7ms<br>
>> CGroup: /system.slice/isc-kea-ctrl-agent.service<br>
>> └─10543 /usr/sbin/kea-ctrl-agent -c<br>
>> /etc/kea/kea-ctrl-agent.conf<br>
>><br>
>> May 07 11:50:16 server-kea-node1 systemd[1]:<br>
>> isc-kea-ctrl-agent.service: Deactivated successfully.<br>
>> May 07 11:50:16 server-kea-node1 systemd[1]: Stopped Kea Control Agent.<br>
>> May 07 11:50:16 server-kea-node1 systemd[1]:<br>
>> isc-kea-ctrl-agent.service: Consumed 48.595s CPU time.<br>
>> May 07 11:50:16 server-kea-node1 systemd[1]: Started Kea Control Agent.<br>
>><br>
>> For what is worth, the message in the logs has changed<br>
>><br>
>> May 7 11:54:39 server-kea-control stork-server[719]:<br>
>> time="2024-05-07 11:54:39" level="info" msg="Completed pulling lease<br>
>> stats from Kea apps: 0/1 succeeded" file=" statspuller.go:71 "<br>
>> May 7 11:54:39 server-kea-control stork-server[719]:<br>
>> time="2024-05-07 11:54:39" level="warning" msg="rpc error: code =<br>
>> Unavailable desc = connection error: desc = \"error reading server<br>
>> preface: remote error: tls: bad certificate\"" file="<br>
>> manager.go:124 " agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=zxbbggd5&n=br5nirtci&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a><br>
>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>
>> May 7 11:54:39 server-kea-control stork-server[719]:<br>
>> time="2024-05-07 11:54:39" level="warning" msg="Failed to get state<br>
>> from the Stork agent; the agent is still not responding" file="<br>
>> grpcli.go:326 " agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a><br>
>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>
>> May 7 11:54:39 server-kea-control stork-server[719]:<br>
>> time="2024-05-07 11:54:39" level="warning" msg="failed to get state<br>
>> from agent <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">
172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>:
grpc<br>
>> manager is unable to re-establish connection with the agent<br>
>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">
172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>:
rpc error: code =<br>
>> Unavailable desc = connection error: desc = \"error reading server<br>
>> preface: remote error: tls: bad certificate\"" file="<br>
>> statepuller.go:247 "<br>
>><br>
>> Not sure whether it for the better or worse<br>
>><br>
>> Regards<br>
>><br>
>> Marek<br>
>><br>
>> On Tue, May 7, 2024 at 4:06<span style="font-family:"Arial",sans-serif"> </span>AM Slawek Figiel <<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a><br>
>> <mailto:<a href="mailto:slawek@isc.org" target="_blank">slawek@isc.org</a>>> wrote:<br>
>><br>
>> Hello Marek!<br>
>><br>
>> Stork server reports that the agent introduced itself with a "bad<br>
>> certificate." Several reasons may cause it. I think you should<br>
>> remove<br>
>> the existing cert files and re-register the agent. Please do the<br>
>> following steps:<br>
>><br>
>> 1. On the agent machine, remove the files in the<br>
>> `/var/lib/stork-agent`<br>
>> directory (you need to remove all files from the `certs` and<br>
>> `tokens`<br>
>> subdirectories)<br>
>> 2. If you manually registered the agent (by the `register`<br>
>> command, you<br>
>> need to call it again and restart the agent. If you used the<br>
>> self-registration flow, just restart the agent.<br>
>> 3. Open the Stork UI, go to the machines list, switch to the<br>
>> "Unauthorized" tab, and re-authorize the agent.<br>
>><br>
>> I hope it'll solve your problem.<br>
>> Don't hesitate to ask for more details if you have any questions.<br>
>><br>
>> Regards,<br>
>> Slawek Figiel<br>
>><br>
>> On 07/05/2024 00:05, <a href="mailto:mxhajduczenia@gmail.com" target="_blank">
mxhajduczenia@gmail.com</a><br>
>> <mailto:<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>> wrote:<br>
>> > Dear Forum,<br>
>> ><br>
>> > I had two nodes added to Stork: .130 and .131 and they were<br>
>> working<br>
>> > correctly. Node .130 had a kernel failure due to changes I<br>
>> was trying to<br>
>> > apply and I did not make a copy, unfortunately. Long story<br>
>> short, I had<br>
>> > to re-install node .130, and then I wanted to add it back to<br>
>> Stork<br>
>> ><br>
>> > No matter what I do, I am getting the error shown above,<br>
>> i.e., Cannot<br>
>> > get state of machine.<br>
>> ><br>
>> > Syslog review shows only one error message following two<br>
>> warning messages.<br>
>> ><br>
>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>
>> time="2024-05-06<br>
>> > 21:58:38" level="warning" msg="rpc error: code = Unavailable<br>
>> desc =<br>
>> > connection error: desc = \"error reading server preface:<br>
>> remote error:<br>
>> > tls: bad certificate\"" file=" manager.go:124 "<br>
>> > agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=yb7sm67r&n=br5nirtcj&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>
>> ><br>
>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>
>> time="2024-05-06<br>
>> > 21:58:38" level="warning" msg="Failed to get state from the<br>
>> Stork agent;<br>
>> > the agent is still not responding" file="<br>
>> grpcli.go:326 "<br>
>> > agent="<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>"<br>
>> ><br>
>> > May 6 21:58:38 server-kea-control stork-server[719]:<br>
>> time="2024-05-06<br>
>> > 21:58:38" level="warning" msg="failed to get state from agent<br>
>> > <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">
172.17.129.130:8080</a> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>:
grpc<br>
>> manager is unable to re-establish connection<br>
>> > with the agent <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">
172.17.129.130:8080</a><br>
>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=dwctigxt&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=http%3A%2F%2F172.17.129.130%3A8080" target="_blank">http://172.17.129.130:8080</a>>: rpc error:
code = Unavailable desc =<br>
>> > connection error: desc = \"error reading server preface:<br>
>> remote error:<br>
>> > tls: bad certificate\"" file=" statepuller.go:247 "<br>
>> ><br>
>> > I suspect that the TLS certificate does to get cleared when<br>
>> the machine<br>
>> > is removed and a machine with the same IP address is re-added.<br>
>> ><br>
>> > I did not find a remedy for it for now and I do not fancy a<br>
>> complete<br>
>> > re-install of Stork if I can avoid it.<br>
>> ><br>
>> > Any suggestions on how to fix it?<br>
>> ><br>
>> > Regards<br>
>> ><br>
>> > Marek<br>
>> ><br>
>> ><br>
>> --<br>
>> Stork-users mailing list<br>
>> <a href="mailto:Stork-users@lists.isc.org" target="_blank">Stork-users@lists.isc.org</a> <mailto:<a href="mailto:Stork-users@lists.isc.org" target="_blank">Stork-users@lists.isc.org</a>><br>
>> <a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=ugchdbnv&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fstork-users" target="_blank">
https://lists.isc.org/mailman/listinfo/stork-users</a><br>
>> <<a href="https://url-shield.securence.com/?p=1.0&r=jkrejci@usinternet.com&sid=1715210863369-091-00272538&s=ugchdbnv&n=br5nirtck&ms=2.6,2.6,0.0,0.0&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fstork-users" target="_blank">https://lists.isc.org/mailman/listinfo/stork-users</a>><br>
>><br>
> </p>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>