GitHub user mosys0815 closed a discussion: RootCAProvider error on management 
server with L3-network config

I am currently preparing a cluster and installed a new (the 1st) management 
server.
That server's network is a fully routed L3-network.
Starting the cloudstack-management service does not create the server 
certificate from root-ca with the following error:

```
2025-06-10 08:28:57,082 DEBUG [o.a.c.f.c.i.ConfigDepotImpl] (main:[]) (logid:) Retrieving keys from RootCAProvider
2025-06-10 08:28:58,589 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:[]) (logid:) Registering extension [RootCAProvider] in [Ca Providers Registry]
2025-06-10 08:28:58,589 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:[]) (logid:) Registered org.apache.cloudstack.ca.provider.RootCAProvider@611f82a8
2025-06-10 08:28:58,589 INFO  [o.a.c.s.l.CloudStackExtendedLifeCycle] (main:[]) (logid:) Configuring CloudStack Components
2025-06-10 08:28:58,589 INFO  [o.a.c.s.l.CloudStackExtendedLifeCycle] (main:[]) (logid:) configuring bean RootCAProvider.
2025-06-10 08:28:59,037 DEBUG [c.c.u.s.Script] (main:[]) (logid:) Executing command [/bin/bash -c ip route show default 0.0.0.0/0 | head -1 | awk '{print $5}' ].
2025-06-10 08:28:59,043 DEBUG [c.c.u.s.Script] (main:[]) (logid:) Successfully executed process [105870] for command [/bin/bash -c ip route show default 0.0.0.0/0 | head -1 | awk '{print $5}' ].
2025-06-10 08:28:59,127 ERROR [o.a.c.s.l.CloudStackExtendedLifeCycle] (main:[]) (logid:) Error on configuring bean RootCAProvider - Cannot invoke "java.net.NetworkInterface.getInterfaceAddresses()" because "nic" is null
java.lang.NullPointerException: Cannot invoke "java.net.NetworkInterface.getInterfaceAddresses()" because "nic" is null
```

* these are the active network-interfaces, "hostip" is the bgp-announced ip on 
a virtual interface for networking, eth1* are the ethernet interfaces
```
~# ip -4 -br a | egrep '(eth1|hostip)'
eth1a            UP             10.72.44.198/30
eth1b            UP             10.72.45.198/30
hostip           UNKNOWN        10.72.44.3/32
```

* CS did retrieve the correct ip from hostip interface
```
~# ip route show default 0.0.0.0/0 | head -1 | awk '{print $5}'
10.72.44.3
```

* certificate check
```
~# openssl s_client -connect 10.72.44.3:9090 </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltNam
Could not read certificate from <stdin>
4087895B58700000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:
Unable to load certificate
```

For testing I installed 2 virtual machines with cloudstack-management and a new 
mysql-database on one of these. Both instances are connected on a layer 2 
network.
Here the management servers (one after another) came once with fully functional 
certificates, both servers see each other as peers in the cs-ui management 
server overview.

* certificates SAN on one of the test-instances:
```
~# openssl s_client -connect 10.65.254.48:9090 </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName
X509v3 Subject Alternative Name:
    IP Address:FE80:0:0:0:1C00:B1FF:FE00:164, IP Address:10.65.254.48, DNS:<redacted> DNS:cloudstack.internal
```

I then connected the former server with a fresh installation to the database 
of my test-setup.
I got the same error as mentioned above.

I suspect some issue with the L3-network and retrieving some networking-stuff 
by cloudstack-management-server.

Any idea how to proceed here?


GitHub link: https://github.com/apache/cloudstack/discussions/11152
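
An added diagnostic example, not part of the original post or of CloudStack's code: it compares the fifth field of the first default-route line (what the logged command prints) with the interface names that follow `dev` in the route output. It assumes the value is later used as an interface name, which the `"nic" is null` error suggests but the page does not show; the route output, gateway addresses and `eth0` in the samples are constructed.

```bash
#!/usr/bin/env bash
# Added example. Sample route output below is constructed, not from the post.

# Field 5 of the first line, exactly as the logged command computes it.
first_line_field5() {
    printf '%s\n' "$1" | head -1 | awk '{print $5}'
}

# Every interface named after a "dev" keyword, including nexthop lines.
route_devs() {
    printf '%s\n' "$1" |
        awk '{for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1)}' |
        sort -u | paste -sd' ' -
}

# Succeeds only if field 5 is one of the interfaces the route actually uses.
check_default_route() {
    local f5 devs d
    f5=$(first_line_field5 "$1")
    devs=$(route_devs "$1")
    for d in $devs; do
        if [ "$d" = "$f5" ]; then
            echo "ok: field5=$f5 is a route interface"
            return 0
        fi
    done
    echo "mismatch: field5=${f5:-<empty>} interfaces=${devs:-<none>}"
    return 1
}

# Constructed: single-path default route (typical flat L2 host).
SAMPLE_L2='default via 10.65.254.1 dev eth0 proto static metric 100'
# Constructed: multipath default route with a source address (routed host).
SAMPLE_ECMP='default proto bgp src 10.72.44.3 metric 20
    nexthop via 10.72.44.197 dev eth1a weight 1
    nexthop via 10.72.45.197 dev eth1b weight 1'

check_default_route "$SAMPLE_L2" || true
check_default_route "$SAMPLE_ECMP" || true
# On a live host: check_default_route "$(ip route show default 0.0.0.0/0)"
```

A mismatch on the live host means the positional `awk '{print $5}'` parse is returning something other than an interface name for that routing layout.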
