Hi all,

I'm just adding a new node to a 3-node cluster, v3.4. When adding I got an error message regarding SSL certificate generation:

---
# pvecm add butroe
The authenticity of host 'butroe (192.168.1.7)' can't be established.
RSA key fingerprint is 55:f4:8a:bd:49:45:51:60:4b:8f:ac:ea:df:60:15:57.
Are you sure you want to continue connecting (yes/no)? yes
root@butroe's password:
root@butroe's password:
copy corosync auth key
stopping pve-cluster service
Stopping pve cluster filesystem: pve-cluster.
backup old database
Starting pve cluster filesystem : pve-cluster.
Starting cluster:
   Checking if cluster has been disabled at boot... [  OK  ]
   Checking Network Manager... [  OK  ]
   Global setup... [  OK  ]
   Loading kernel modules... [  OK  ]
   Mounting configfs... [  OK  ]
   Starting cman... [  OK  ]
   Waiting for quorum... [  OK  ]
   Starting fenced... [  OK  ]
   Starting dlm_controld... [  OK  ]
   Tuning DLM kernel config... [  OK  ]
   Unfencing self... [  OK  ]
waiting for quorum...OK
generating node certificates
Signature ok
subject=/OU=PVE Cluster Node/O=Proxmox Virtual Environment/CN=sanmarko.binovo.net
Getting CA Private Key
CA certificate and CA private key do not match
139833351603880:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:330:
unable to generate pve ssl certificate:
command 'openssl x509 -req -in /tmp/pvecertreq-4734.tmp -days 3650 -out /etc/pve/nodes/sanmarko/pve-ssl.pem -CAkey /etc/pve/priv/pve-root-ca.key -CA /etc/pve/pve-root-ca.pem -CAserial /etc/pve/priv/pve-root-ca.srl -extfile /tmp/pvesslconf-4734.tmp' failed: exit code 1
---

I see that /etc/pve/nodes/sanmarko/pve-ssl.pem is empty (0 size). I think this is happening because I changed /etc/pve/pve-root-ca.pem some time ago (in 2012 :) ), and it doesn't match the key in /etc/pve/priv/pve-root-ca.key

Am I on the safe side just generating a good /etc/pve/nodes/sanmarko/pve-ssl.pem file for /etc/pve/nodes/sanmarko/pve-ssl.key, or should I check other things? I'm re-issuing pve-ssl.pem files with our own IT CA anyways.

Thanks a lot
Eneko

--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943575997
      943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es
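
The following is an added example, not part of the original post and not Proxmox code. It reproduces the check behind the "key values mismatch" error by comparing the public key in each certificate with the one derived from its private key, using the file layout quoted in the post. The function names are hypothetical, and it assumes unencrypted PEM keys and an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example: do a certificate and a private key carry the same public key?

# pubkey_sha256 cert|key FILE -> SHA-256 of the PEM SubjectPublicKeyInfo
pubkey_sha256() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 2
    [ -n "$pem" ] || return 2          # empty or non-PEM file
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_matches_key CERT KEY -> 0 match, 1 mismatch, 2 unreadable input
cert_matches_key() {
    c_hash=$(pubkey_sha256 cert "$1") || return 2
    k_hash=$(pubkey_sha256 key "$2") || return 2
    [ "$c_hash" = "$k_hash" ]
}

# report CERT KEY -> prints one status line, returns cert_matches_key's code
report() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "MATCH      $1" ;;
        1) echo "MISMATCH   $1 was not issued for $2" ;;
        *) echo "UNREADABLE $1 or $2 (empty, missing or not PEM)" ;;
    esac
    return "$rc"
}

# audit_pve_certs [ROOT] -> checks the CA pair and every node pair under ROOT
audit_pve_certs() {
    root=${1:-/etc/pve}
    bad=0
    report "$root/pve-root-ca.pem" "$root/priv/pve-root-ca.key" || bad=$((bad + 1))
    for d in "$root"/nodes/*/; do
        [ -f "${d}pve-ssl.key" ] || continue
        report "${d}pve-ssl.pem" "${d}pve-ssl.key" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then audit_pve_certs "$1"; fi
```

A zero-size `pve-ssl.pem` such as the one described in the post is reported as UNREADABLE rather than MISMATCH, which separates a failed issuance from a certificate issued for a different key.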
