That explains the behavior that we're seeing here. The agent remembers the ssl certificate from the first handshake, and refuses to connect if the certificate changes (unless reconfigured otherwise)
So if you'd like to use your custom SSL certs on the server, you may want to stop the agent and blow away the agent truststore file, it's stored somewhere under /var/lib/go-agent/config. On Mon, Jul 11, 2016 at 10:04 PM Hugh Acland <[email protected]> wrote: > OK! I now know what the problem is. I had followed the instructions here: > https://docs.go.cd/current/installation/ssl_tls/custom_certificate.html > to run the go-server using a Signed certificate from a proper Authority. > > When I revert back to using the self-signed certificate (by removing the > keystore file in /etc/go) then restart the server lo and behold the agent > now shows up. > > Is this a bug? > > thanks > > > On Monday, July 11, 2016 at 5:22:07 PM UTC+1, Hugh Acland wrote: >> >> Thanks, but I have been waiting for it to show up in the server for >> literally hours!! Something is still not quite right >> >> On Monday, July 11, 2016 at 5:15:02 PM UTC+1, Ketan Padegaonkar wrote: >>> >>> >>> >>> On Mon, Jul 11, 2016 at 9:33 PM Hugh Acland <[email protected]> wrote: >>> >>>> go 15767 0.6 6.4 1949232 260744 ? Sl 15:35 0:10 >>>> /usr/lib/jvm/*java*-7-openjdk-amd64/jre/bin/*java* >>>> -Dcruise.console.publish.interval=10 -Xms128m -Xmx256m >>>> -D*java*.security.egd=file:/dev/./urandom >>>> -Dagent.launcher.version=Unknown >>>> -Dagent.plugins.md5=d1a8e4434cbf9868d96efe98147f1c47 >>>> -Dagent.binary.md5=M7VLVRjsxWOPUY6+DhkuBw== >>>> -Dagent.launcher.md5=dXwGRFnX3o1pgkQggCM/dA== -jar agent.jar >>>> https://127.0.0.1:8154/go/ >>>> >>>> >>> This indicates that the agent process is now running, and is connected >>> to the server. The initial error you mention "Couldn't update >>> admin/agent-launcher.jar. Sleeping for 1m" generally happens when the >>> server is booting or is temporarily unavailable. The agent process should >>> eventually connect after a few minutes. >>> >>> Is it possible that the agent is caching the start up settings somewhere? >>>> >>> >>> No, you normally start the bootstrapper with port 8153, and it'll >>> autodetect the ssl port. >>> >> -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
