mosys0815 opened a new issue, #10996:
URL: https://github.com/apache/cloudstack/issues/10996
I am currently preparing a cluster and installed a new (the 1st) management
server.
That server's network is a fully routed L3-network.
Starting the cloudstack-management service does not create the server
certificate from root-ca with the following error:
```
2025-06-10 08:28:57,082 DEBUG [o.a.c.f.c.i.ConfigDepotImpl] (main:[])
(logid:) Retrieving keys from RootCAProvider
2025-06-10 08:28:58,589 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:[])
(logid:) Registering extension [RootCAProvider] in [Ca Providers Registry]
2025-06-10 08:28:58,589 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:[])
(logid:) Registered org.apache.cloudstack.ca.provider.RootCAProvider@611f82a8
2025-06-10 08:28:58,589 INFO [o.a.c.s.l.CloudStackExtendedLifeCycle]
(main:[]) (logid:) Configuring CloudStack Components
2025-06-10 08:28:58,589 INFO [o.a.c.s.l.CloudStackExtendedLifeCycle]
(main:[]) (logid:) configuring bean RootCAProvider.
2025-06-10 08:28:59,037 DEBUG [c.c.u.s.Script] (main:[]) (logid:) Executing
command [/bin/bash -c ip route show default 0.0.0.0/0 | head -1 | awk '{print
$5}' ].
2025-06-10 08:28:59,043 DEBUG [c.c.u.s.Script] (main:[]) (logid:)
Successfully executed process [105870] for command [/bin/bash -c ip route show
default 0.0.0.0/0 | head -1 | awk '{print $5}' ].
2025-06-10 08:28:59,127 ERROR [o.a.c.s.l.CloudStackExtendedLifeCycle]
(main:[]) (logid:) Error on configuring bean RootCAProvider - Cannot invoke
"java.net.NetworkInterface.getInterfaceAddresses()" because "nic" is null
java.lang.NullPointerException: Cannot invoke
"java.net.NetworkInterface.getInterfaceAddresses()" because "nic" is null
```
* these are the active network-interfaces, "hostip" is the bgp-announced ip
on a virtual interface for networking, eth1* are the ethernet interfaces
```
~# ip -4 -br a | egrep '(eth1|hostip)'
eth1a UP 10.72.44.198/30
eth1b UP 10.72.45.198/30
hostip UNKNOWN 10.72.44.3/32
```
* CS did retrieve the correct ip from hostip interface
```
~# ip route show default 0.0.0.0/0 | head -1 | awk '{print $5}'
10.72.44.3
```
* certificate check
```
~# openssl s_client -connect 10.72.44.3:9090 </dev/null 2>/dev/null |
openssl x509 -noout -ext subjectAltNam
Could not read certificate from <stdin>
4087895B58700000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:
Unable to load certificate
```
For testing i installed 2 virtual machines with cloudstack-management and a
new mysql-database on one of these. Both instances are connected on a layer 2
network.
Here the management servers (one after another) came once with fully
functional certificates, both servers see each other as peers in the cs-ui
management server overview.
* certificates SAN on one of the test-instances:
```
~# openssl s_client -connect 10.65.254.48:9090 </dev/null 2>/dev/null |
openssl x509 -noout -ext subjectAltName
X509v3 Subject Alternative Name:
IP Address:FE80:0:0:0:1C00:B1FF:FE00:164, IP Address:10.65.254.48,
DNS:<redacted> DNS:cloudstack.internal
```
I then connected the former server with a fresh installation to the
database of my test-setup.
I got the same error as mentioned above.
I suspect some issue with the L3-network and retrieving some
networking-stuff by cloudstack-management-server.
Any idea how to proceed here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
