Stuck tasks within XO (rrd_updates)?
-
@tanjix I would hold off installing it for now. My concern was that the update was the source of the issue, but you ruled that out since it hasn't been installed yet.
-
Maybe I found the problem.
In XO's log section I found an entry like:Hostname/IP does not match certificate's altnames: IP: a.b.c.d is not in the cert's list:
The detailed log says at the bottom:
"code": "ERR_TLS_CERT_ALTNAME_INVALID", "url": "https://a.b.c.d/rrd_updates?cf=AVERAGE&host=true&interval=5&json=true&start=1611607291&session_id=OpaqueRef%3A7601e913-a96c-419e-a5ab-be65255ab3d7&task_id=OpaqueRef%3Aecd831ec-bd4f-4a40-82c4-f15059ffb377", "message": "Hostname/IP does not match certificate's altnames: IP: a.b.c.d is not in the cert's list: ",
a.b.c.d is in this case the ip address of my pool master.
I installed TLS certificates (a wildcard certificate, not self signed but from a trusted authority), so that all of my hosts are reachable ssl-secured (done that through XO --> Home --> Hosts --> <host> --> Advanced and there at the bottom).
Of course, this only works if requests are made with the hostname and not with the ip address.
If I open the URL from above and replace the ip address through the hostname of the pool master, then it looks like it works.
So, how can this be fixed that these rrd_things make their calls with the hostname instead of the ip address?
Or did I do anything wrong with the certificates?Thanks!
-
@olivierlambert is there any update on this issue available?
Thanks!
-
This is a normal XAPI behavior. I don't think there's a simple fix for that.
-
@olivierlambert So, how could I get rid of these error messages and the fact, that I have plenty of these tasks running after a while?
I guess, restarting the toolstack every hour is not the preferred way...Thanks!
-
Be sure you are correctly connected to your host (no NAT or private IP you couldn't reach)
-
@olivierlambert What are you referring to? What should I do? There is no NAT, private network etc involved. XO connected to the XCP-NG host (pool master) via its public hostname (for which the SSL certificate is issued) and NOT with its ip address only.
Thanks!
-
Is the host using the same IP address internally? (than the public one)
-
@olivierlambert What do you mean with "internally"? There is only one IP in use in my environment, which is the public IP. So yes, it's the same IP address.
-
Can you do a
xe host-param-get param-name=address uuid=<HOST_UUID>
? -
@olivierlambert said in Stuck tasks within XO (rrd_updates)?:
xe host-param-get param-name=address uuid=
Sure, that one is returning one ip address, the public one I am talking about.
-
And it's your management interface, right?
-
@olivierlambert correct
-
Any news available?
-
Sorry I'm completely snowed under with too many different things
To my knowledge, those tasks should disappear after a bit, if there's no NAT I don't see any reason for them to stack.
-
Hi Olivier,
thanks, but as I described initially, those tasks are not disappearing and summing up after a while.
Did you also consider my report --> here?
Thanks!
-
That's why I don't know, I don't have any answer without digging more and sadly I can't If there's other people around to assist, go ahead