XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Script suddently stop working (TLS error)

    Scheduled Pinned Locked Moved Infrastructure as Code
    3 Posts 2 Posters 64 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      Kptainflintt
      last edited by Kptainflintt

      Hi,

      I'm facing a new issue. All my provisionning is made with a xo-cli script.

      Adding user is OK, but, when I create a network :

      xo-cli sdnController.createPrivateNetwork \
        name="Reseau-Test" \
        poolIds=json:'["'3960dbc1-d43c-341a-0421-83d53db1968f'"]' \
        encapsulation="vxlan" \
        description="Réseau Test" \
        pifIds=json:'["f002e286-6e36-7841-0d9b-fd2b58740bd6","e6533dc2-c5e4-a669-9019-e6308029068b","cd753935-2158-566d-69e8-94a88c0e8d0f"]'

      An error is issued :

      ✖ JsonRpcError: C0DC61B8937F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 48

    at Peer._callee$ (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/json-rpc-peer/dist/index.js:139:44)
    at Peer.<anonymous> (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/regeneratorRuntime.js:52:18)
    at Generator.<anonymous> (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/regenerator.js:52:51)
    at Generator.next (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/regeneratorDefine.js:17:23)
    at asyncGeneratorStep (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/asyncToGenerator.js:3:17)
    at _next (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/asyncToGenerator.js:17:9)
    at /home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/asyncToGenerator.js:22:7
    at new Promise (<anonymous>)
    at Peer.<anonymous> (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/@babel/runtime/helpers/asyncToGenerator.js:14:12)
    at Peer.exec (/home/uga/.nvm/versions/node/v22.17.0/lib/node_modules/xo-cli/node_modules/json-rpc-peer/dist/index.js:182:20) {
  code: -32000,
  data: {
    code: 'ERR_SSL_TLSV1_ALERT_UNKNOWN_CA',
    library: 'SSL routines',
    message: 'C0DC61B8937F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 48\n',
    name: 'Error',
    reason: 'tlsv1 alert unknown ca',
    stack: 'Error: C0DC61B8937F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 48\n'
  }
}

      "override-certs" is on, no changes on hosts.

      Last run of this script was two weeks ago, with no issue.

      EDIT : the networks are indeed created, this error seems to be non blocking. Owever, I did'nt see it before.

      EDIT bis : the networks are effectively created in XAPI, not on hosts !

      1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        You have a cert issue, can be also due to a time mismatch between your machine, XO and the host.

        K 1 Reply Last reply Reply Quote 0
        • K Offline
          Kptainflintt @olivierlambert
          last edited by

          @olivierlambert

          I use only http for xo-cli, so I didn't understand why I have a CA error.

          I think it's because I've launched a second XOA for trial testing.

          Last week, with only one XO, no problem.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post