error when restart daemon

Question

error when restart daemon

gctcxu opened this issue 6 months ago · comments

gctcxu commented 6 months ago

Hey

When I run command: "systemctl restart snap.microceph.daemon.service", something wrong with damon

What is the "Found empty certificate" meaning for? How could I fix it

Thanks

Nov 29 03:18:41 ceph-node-1 microceph.daemon[4425]: time="2023-11-29T03:18:41Z" level=info msg="Daemon stopped"
Nov 29 03:18:41 ceph-node-1 microceph.daemon[4425]: Error: Unable to start daemon: Daemon failed to start: Failed to initialize trust store: Failed to parse local record "". Found empty certificate
Nov 29 03:18:41 ceph-node-1 systemd[1]: snap.microceph.daemon.service: Main process exited, code=exited, status=1/FAILURE
Nov 29 03:18:41 ceph-node-1 systemd[1]: snap.microceph.daemon.service: Failed with result 'exit-code'.
Nov 29 03:18:41 ceph-node-1 systemd[1]: snap.microceph.daemon.service: Scheduled restart job, restart counter is at 1.
Nov 29 03:18:41 ceph-node-1 systemd[1]: Stopped Service for snap application microceph.daemon.
Nov 29 03:18:41 ceph-node-1 systemd[1]: Started Service for snap application microceph.daemon.

Utkarsh Bhatt · Answer 1 · Wed Nov 29 2023 18:47:03 GMT+0800 (China Standard Time)

@sabaini This is the same case as we tackled before.

Utkarsh Bhatt · Answer 2 · Wed Nov 29 2023 18:56:40 GMT+0800 (China Standard Time)

@gctcxu This is caused due to some corruption in peer data coming from the microcluster layer, While we publish a fix for this... There is a manual workaround.

On all of your MicroCeph hosts you need to ensure a .yaml file entry is there for EACH remote at /var/snap/microceph/common/state/truststore. The filenames themselves don't matter as long as they end in .yaml.
The contents of each .yaml file should be as follows:

name: $HOSTNAME
address: $ADDRESS:PORT
certificate: |
  -----BEGIN CERTIFICATE-----
  MIIB5zCCAW2gAwIBAgIRAJLmKfkWtj+7BDaXb+cSNBMwCgYIKoZIzj0EAwMwJTEM
  MAoGA1UEChMDTFhEMRUwEwYDVQQDDAxyb290QG1pY3JvMDEwHhcNMjMxMTI3MTU1
  MTE2WhcNMzMxMTI0MTU1MTE2WjAlMQwwCgYDVQQKEwNMWEQxFTATBgNVBAMMDHJv
  b3RAbWljcm8wMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAV5z5NbsQTReyGNtVWy
  JXI9TKCBCEvRrq/ma1CUBH7uA/zNCfaSbU3g8ZaPaL0zSuMA0n7Iiz68RuSdEwFc
  q+95qdrq9gKQKzkeogoDBBeV7gIdqrnSJz6f+jvbfmUpmqNhMF8wDgYDVR0PAQH/
  BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwKgYDVR0R
  BCMwIYIHbWljcm8wMYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATAKBggqhkjOPQQD
  AwNoADBlAjBIdUWgY+7+cxYXoFUmzWHL4zE+3Bbvu45vqrblV6fcF8UwB8PDbguS
  ffQBFqzSvucCMQCvrgI2h8sQ1z0JyuutQfj7Wry8B1YbGMj3EDOs/S7y/HsU8yG6
  tfvXuD0VxFYdYE8=
  -----END CERTIFICATE-----

here, name is the hostname, address can be fetched using the go program attached below, and certificate is the contents of file /var/snap/microceph/common/state/server.crt.

Use the following go program to get the address value:
address.go.txt

mv address.go.txt address.go
go run address.go

Utkarsh Bhatt · Answer 3 · Thu Jan 18 2024 15:02:58 GMT+0800 (China Standard Time)

@gctcxu This should be resolved in the edge releases and there is a workaround available. I am marking this issue closed. Please feel free to open this again if it persists.