Adding new host to pool fails - Stunnel SSL certificate verification failure
Posting this here in the hopes that someone has an answer and that this helps anyone else encountering the issue.
I have a pool of a few hosts which I recently upgraded to XCP-NG 8.3 from 8.2. And, now, I am attempting to add a new host to this pool to increase my resource capacity. However, after adding the new server in Xen Orchestra, I go to my primary pool to begin the process of adding the new server but that fails with an error "Internal_Error(Stunnel.Stunnel [some text that runs off the screen] routines::certificate verify failed"))"
The full error is as follows:
"Stunnel.Stunnel_verify_error("0A000086:SSL routines::certificate verify failed")"
And the complete readout of the event is as follows:
{
  "id": "0mpn7bwnk",
  "properties": {
    "method": "pool.mergeInto",
    "params": {
      "sources": [
        "65c279b5-5a9d-db33-92f1-3f057fbafda6"
      ],
      "target": "f735841b-af37-0547-5d1e-8cb11bc51f0d",
      "force": true
    },
    "name": "API call: pool.mergeInto",
    "userId": "905ebdb9-6698-4902-8e60-9a028d1aa441",
    "type": "api.call"
  },
  "start": 1779834203408,
  "status": "failure",
  "updatedAt": 1779834206165,
  "end": 1779834206165,
  "result": {
    "code": "INTERNAL_ERROR",
    "params": [
      "Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\")"
    ],
    "call": {
      "duration": 2713,
      "method": "pool.join_force",
      "params": [
        "* session id *",
        "192.168.1.11",
        "root",
        "* obfuscated *"
      ]
    },
    "message": "INTERNAL_ERROR(Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\"))",
    "name": "XapiError",
    "stack": "XapiError: INTERNAL_ERROR(Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\"))\n at Function.wrap (file:///usr/local/lib/node_modules/xo-server/node_modules/xen-api/_XapiError.mjs:16:12)\n at file:///usr/local/lib/node_modules/xo-server/node_modules/xen-api/transports/json-rpc.mjs:38:21\n at runNextTicks (node:internal/process/task_queues:60:5)\n at processImmediate (node:internal/timers:454:9)\n at process.callbackTrampoline (node:internal/async_hooks:130:17)"
  }
}

Obviously, it's unhappy about the certs. But I can't figure out why. For additional context, I have never messed with the certs on these servers previously. Based on some other forum posts, I went and checked the cert at /etc/stunnel/xapi-stunnel-ca-bundle.pem on the pool master as well as this new host. Seeing that it exists but unsure of whether it was still integral, I even ran xe host-refresh-server-certificate host=hostname on both just in case. Despite that, this error persists. Does anyone have any insight into the error or a possible fix from what they may have encountered themselves previously?