Re: Issue 1104 in ganeti: gnt-backup SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

Tue, 23 Jun 2015 05:09:48 -0700
Comment #9 on issue 1104 by [email protected]: gnt-backup SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small 
https://code.google.com/p/ganeti/issues/detail?id=1104

This is how it looks in logs when new server.pem is on all nodes:
==========================
ganeti-luxid: No voting RPC result from [“node2”,”node1”]
ganeti-wconfd: Error in the RPC HTTP reply from 'Node {nodeName = “node2”, nodePrimaryIp = “xxxxxx”, nodeSecondaryIp = “xxxxx”, nodeMasterCandidate = True, nodeOffline = False, nodeDrained = False, nodeGroup = “yyyyyyy”, nodeMasterCapable = True, nodeVmCapable = True, nodeNdparams = PartialNDParams {ndpOobProgramP = Nothing, ndpSpindleCountP = Nothing, ndpExclusiveStorageP = Nothing, ndpOvsP = Nothing, ndpOvsNameP = Nothing, ndpOvsLinkP = Nothing, ndpSshPortP = Nothing, ndpCpuSpeedP = Nothing}, nodePowered = True, nodeCtime = Tue May 19 14:36:24 CEST 2015, nodeMtime = Tue May 19 14:36:24 CEST 2015, nodeUuid = “zzzzzzz”, nodeSerial = 1, nodeTags = fromList []}': CurlLayerError "code: CurlCouldntConnect, explanation: Failed connect to xxxxxx:1811; Connection refused" ganeti-luxid: Error in the RPC HTTP reply from 'Node {nodeName = “node2”, nodePrimaryIp = “xxxxxx”, nodeSecondaryIp = “xxxxxxx”, nodeMasterCandidate = True, nodeOffline = False, nodeDrained = False, nodeGroup = “zzzzzzzz”, nodeMasterCapable = True, nodeVmCapable = True, nodeNdparams = PartialNDParams {ndpOobProgramP = Nothing, ndpSpindleCountP = Nothing, ndpExclusiveStorageP = Nothing, ndpOvsP = Nothing, ndpOvsNameP = Nothing, ndpOvsLinkP = Nothing, ndpSshPortP = Nothing, ndpCpuSpeedP = Nothing}, nodePowered = True, nodeCtime = Mon May 18 12:05:29 CEST 2015, nodeMtime = Mon May 18 12:05:29 CEST 2015, nodeUuid = “zzzzzzzzz”, nodeSerial = 1, nodeTags = fromList []}': CurlLayerError "code: CurlSSLCACertBadFile, explanation: " 
==========================
CurlLayerError "code: CurlSSLCACertBadFile" - I guess something wrong with new server.pem format. 
It looks like:
# grep '\----' server.pem
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----



--
You received this message because this project is configured to send all issue notifications to this address. 
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

Reply via email to