Open oddboy opened 5 years ago
Describe the bug Upon installing lightwave (from photon-updates repo, on photonOS 2), the log contains errors:
Dec 28 04:09:17 dc01 vmafdd[4017]: t@140141993535232: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
There are other errors pretaining to Root certificates, such as:
Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
and
Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushMachineSslCertificate returning 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
My interpretation of these errors is that the CRL, Root certs and Machine cert can't be saved to disk.
This can be reproduced at will by running:
vecs-cli force-refresh --server dc01 --upn Administrator
Impact
Expected behavior I would expect that the CRL could be flushed to disk.
Observed behavior CRL is not flushed to disk.
To Reproduce Steps to reproduce the behavior:
journalctl -f
Environment:
Additional context I have been able to eliminate the error by manually creating the following directories:
/etc/vmware-vpx/docRoot/certs ^ this one eliminates the errors about CRL and Root Certs
/etc/vmware/vmware-vmafd ^ this one eliminates the errors about machine-ssl.crt
There remains one error. I don't know if it's related or not.
vmafdd[24656]: t@140186877519616: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684]
Describe the bug Upon installing lightwave (from photon-updates repo, on photonOS 2), the log contains errors:
Dec 28 04:09:17 dc01 vmafdd[4017]: t@140141993535232: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2There are other errors pretaining to Root certificates, such as:
Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2and
Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushMachineSslCertificate returning 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2My interpretation of these errors is that the CRL, Root certs and Machine cert can't be saved to disk.
This can be reproduced at will by running:
vecs-cli force-refresh --server dc01 --upn AdministratorImpact
Expected behavior I would expect that the CRL could be flushed to disk.
Observed behavior CRL is not flushed to disk.
To Reproduce Steps to reproduce the behavior:
journalctl -f)Environment:
Additional context I have been able to eliminate the error by manually creating the following directories:
/etc/vmware-vpx/docRoot/certs ^ this one eliminates the errors about CRL and Root Certs
/etc/vmware/vmware-vmafd ^ this one eliminates the errors about machine-ssl.crt
There remains one error. I don't know if it's related or not.
vmafdd[24656]: t@140186877519616: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684]