Open SebastienGardoll opened 3 years ago
Describe the bug
When trying to upgrade from 4.04 to devel or 4.05, with Let's Encrypt on.
`TASK [tomcat : Create Keystore] ** fatal: [vesgint-idx.ipsl.upmc.fr]: FAILED! => { "changed": false, "cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '****'", "rc": 1 }
STDERR:
No certificate matches private key
MSG:
fatal: [vesgint-data.ipsl.upmc.fr]: FAILED! => { "changed": false, "cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '****'", "rc": 1 }
No certificate matches private key`
Full log: 6_upgrade_int_to_devel_lets.log
To Reproduce
ansible-playbook -i hosts.int -u root install.yml
idx&idp config:
`ansible_user: root
globushostcert: /root/certs/local_certs/hostcert.pem globushostkey: /root/certs/local_certs/hostkey.pem
myproxycacert: /root/certs/local_certs/cacert.pem myproxycakey: /root/certs/local_certs/cakey.pem myproxy_signing_policy: /root/certs/local_certs/globus_simple_ca_47671b99_setup-0/47671b99.signing_policy
try_letsencrypt: true
globus_user: [NOT SHOWN] globus_pass: [NOT SHOWN] register_gridftp: false register_myproxy: false
configure_centos6_iptables: false configure_centos7_firewalld: false
mirror_host: distrib-coffee.ipsl.jussieu.fr/pub`
data config:
Expected behavior
Installation to complete and working Let's Encrypt certificats and idx and data nodes.
ESGF Node (please complete the following information):
Describe the bug
When trying to upgrade from 4.04 to devel or 4.05, with Let's Encrypt on.
`TASK [tomcat : Create Keystore] ** fatal: [vesgint-idx.ipsl.upmc.fr]: FAILED! => { "changed": false, "cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '****'", "rc": 1 }
STDERR:
No certificate matches private key
MSG:
No certificate matches private key
fatal: [vesgint-data.ipsl.upmc.fr]: FAILED! => { "changed": false, "cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '****'", "rc": 1 }
STDERR:
No certificate matches private key
MSG:
No certificate matches private key`
Full log: 6_upgrade_int_to_devel_lets.log
To Reproduce
ansible-playbook -i hosts.int -u root install.yml
idx&idp config:
`ansible_user: root
globushostcert: /root/certs/local_certs/hostcert.pem globushostkey: /root/certs/local_certs/hostkey.pem
myproxycacert: /root/certs/local_certs/cacert.pem myproxycakey: /root/certs/local_certs/cakey.pem myproxy_signing_policy: /root/certs/local_certs/globus_simple_ca_47671b99_setup-0/47671b99.signing_policy
try_letsencrypt: true
globus_user: [NOT SHOWN] globus_pass: [NOT SHOWN] register_gridftp: false register_myproxy: false
configure_centos6_iptables: false configure_centos7_firewalld: false
mirror_host: distrib-coffee.ipsl.jussieu.fr/pub`
data config:
`ansible_user: root
globushostcert: /root/certs/local_certs/hostcert.pem globushostkey: /root/certs/local_certs/hostkey.pem
try_letsencrypt: true
globus_user: [NOT SHOWN] globus_pass: [NOT SHOWN] register_gridftp: false register_myproxy: false
configure_centos6_iptables: false configure_centos7_firewalld: false
mirror_host: distrib-coffee.ipsl.jussieu.fr/pub`
Expected behavior
Installation to complete and working Let's Encrypt certificats and idx and data nodes.
ESGF Node (please complete the following information):