search

nordic-institute / X-Road

Source code of the X-Road® data exchange layer software
https://x-road.global
Other
608 stars 189 forks source link

SS-cluster install (Ansible) shows certificate error #495

Closed KostLinux closed 4 years ago

KostLinux commented 4 years ago

I was installing ss-cluster test On slave base backup task, it showed error

TASK [slave : do a base backup] *****************************************************************************************************************************fatal: [slave-a.xroad.itarchive.home]: FAILED! => {"changed": true, "cmd": "cd \"/var/lib/postgresql/10/serverconf\"\nrm -rf *\npg_basebackup -h \"master.xroad.itarchive.home\" -p \"5433\" -U \"slavea\" -D .\n", "delta": "0:00:00.050096", "end": "2020-05-12 09:32:55.392223", "msg": "non-zero return code", "rc": 1, "start": "2020-05-12 09:32:55.342127", "stderr": "pg_basebackup: could not connect to server: SSL error: sslv3 alert bad certificate\npg_basebackup: removing contents of data directory \".\"", "stderr_lines": ["pg_basebackup: could not connect to server: SSL error: sslv3 alert bad certificate", "pg_basebackup: removing contents of data directory \".\""], "stdout": "", "stdout_lines": []}
fatal: [slave-b.xroad.itarchive.home]: FAILED! => {"changed": true, "cmd": "cd \"/var/lib/postgresql/10/serverconf\"\nrm -rf *\npg_basebackup -h \"master.xroad.itarchive.home\" -p \"5433\" -U \"slaveb\" -D .\n", "delta": "0:00:00.051188", "end": "2020-05-07 13:47:50.503575", "msg": "non-zero return code", "rc": 1, "start": "2020-05-07 13:47:50.452387", "stderr": "pg_basebackup: could not connect to server: SSL error: certificate verify failed\npg_basebackup: removing contents of data directory \".\"", "stderr_lines": ["pg_basebackup: could not connect to server: SSL error: certificate verify failed", "pg_basebackup: removing contents of data directory \".\""], "stdout": "", "stdout_lines": []}

Here's ansible hosts file:

[master]
master.xroad.itarchive.home nodename=master

[slaves]
slave-a.xroad.itarchive.home nodename=slavea
slave-b.xroad.itarchive.home nodename=slaveb

[slaves:vars]
master_host=master.xroad.itarchive.home

[all:vars]
ansible_become=yes
ansible_ssh_user=chris
ansible_ssh_private_key_file=~/.ssh/id_rsa
ansible_python_interpreter= /usr/bin/python3

Certificates were done in that way:

cd ca/ ; bash init.sh
bash add-node.sh master
bash add-node.sh slavea
bash add-node.sh slaveb

How can i fix this error?

KostLinux commented 4 years ago

Had to uncomment this line in /etc/postgresql/10/serverconf/postgres.conf ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'