Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

icinga2 node wizard and icinga2 pki new-cert failed to create new self-signed certificate for CN ... #8198

Closed
peter-snr opened this issue Aug 28, 2020 · 4 comments
Closed

icinga2 node wizard and icinga2 pki new-cert failed to create new self-signed certificate for CN ... #8198

peter-snr opened this issue Aug 28, 2020 · 4 comments

Comments

@peter-snr
Copy link

Describe the bug

When running icinga2 node wizard and answering the questions it fails with error message:

critical/cli: Failed to create new self-signed certificate for CN 'myserver.domain.net'. Please try again.

Then when then trying:

icinga2 pki new-cert --cn myserver.domain.net --key /var/l
ib/icinga2/certsmyserver.domain.net.key --cert /var/lib/icinga2/certs/myserver.domain.net.crt

Output is: information/base: Writing private key to '/var/lib/icinga2/certs/enf-emea02-dmzlb01.trakm8.net.key'

To Reproduce

Execute commands as shown above.

Expected behavior

The key and crt file to be produced, or some kind of error output

Screenshots

n/a

Your Environment

icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: 2.11.4-1)

Copyright (c) 2012-2020 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: CentOS Linux
  Platform version: 7 (Core)
  Kernel: Linux
  Kernel version: 3.10.0-514.26.2.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: runner-ltrjqz9n-project-322-concurrent-0

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

icinga2 feature list
Disabled features: checker command compatlog debuglog elasticsearch gelf graphite influxdb livestatus notification opentsdb perfdata statusdata syslog
Enabled features: api mainlog

Icinga Web 2 Version
2.8.1
Git commit
233bd29e4104125b4e5ef631e8c16dde33dadd9a
PHP Version
7.3.11
Git commit date
2020-06-29

Additional context

Executing icinga console produces an error file with the following content.

Caught unhandled exception.
Current time: 2020-08-28 11:12:57 +0000

  Application version: 2.11.4-1

System information:
  Platform: CentOS Linux
  Platform version: 7 (Core)
  Kernel: Linux
  Kernel version: 3.10.0-514.26.2.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: runner-ltrjqz9n-project-322-concurrent-0

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

Error: getrandom

        (0) icinga2: icinga::ConsoleCommand::Run(boost::program_options::variables_map const&, std::vector<std::string, std::allocator<std::string> > const&) const (+0x6b) [0xb386eb]
        (1) /usr/lib64/icinga2/sbin/icinga2() [0xb49733]
        (2) icinga2: main (+0xb8) [0x5f9988]
        (3) libc.so.6: __libc_start_main (+0xf5) [0x7fd94ce6cc05]
        (4) /usr/lib64/icinga2/sbin/icinga2() [0x5fc443]

Add any other context about the problem here.
@mcktr mcktr added the needs feedback We'll only proceed once we hear from you again label Aug 31, 2020
@mcktr
Copy link
Member

mcktr commented Aug 31, 2020

Hi,

the syscall getrandom is not available. This is a known issue and unfortunately out of Icinga scope.

https://bugzilla.redhat.com/show_bug.cgi?id=1330000

Your kernel version is 3.10.0-514.26.2.el7.x86_64 please update it to at least kernel-3.10.0-544.el7, with this version the syscall getrandom was backported.

refs #7560 #7683

Best regards
Michael

@peter-snr
Copy link
Author

Thank you for your promp reply Michael,

I will update the kernel version and give feedback.

@peter-snr
Copy link
Author

Kernel updated today, the icinga2 node wizard created certs and the icinga2 agent is up. All good here thx.

@mcktr mcktr removed the needs feedback We'll only proceed once we hear from you again label Sep 4, 2020
@mcktr
Copy link
Member

mcktr commented Sep 4, 2020

@peter-snr Perfect, thanks for the feedback :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peter-snr @mcktr