AWS / CF v233 deployment


Sylvain Gibier
 

Hi,

Trying to do a fresh new installation of CF on AWS - I'm hitting the following
issue when the deployment is trying to update the api_z1/0 jobs.
I'm following the instructions -
http://docs.cloudfoundry.org/deploying/aws/cf-stub.html and as well
http://docs.cloudfoundry.org/deploying/common/consul-security.html to
generate the consul certificates.

According to the log - the consult_agent process failed to start.

{"timestamp":"1460475448.173879385","source":"confab","message":"confab.agent-client.verify-joined.members.request.failed","log_level":2,"data":{"error":"Get http://127.0.0.1:8500/v1/agent/members: dial tcp 127.0.0.1:8500: getsockopt: connection refused","wan":false}}

==> Starting Consul agent...

==> Error starting agent: Failed to start Consul client: Failed to load cert/key pair: crypto/tls: failed to parse certificate PEM data

How can I debug this issue?

Cheers,

sylvain


Bharath
 

GIt by sri eeo olold lollipop look Kim o gift forgot guitarists u my look ed


Christian Ang
 

Hi Sylvain,

It looks like your problem might be that one or more of the consul certificates in your cf manifest is not a valid PEM encoded certificate, or the certificates are missing entirely. Do the consul properties in your cf manifest look approximately like this (with your own certificates and keys):

https://github.com/cloudfoundry-incubator/consul-release/blob/master/manifests/aws/multi-az-ssl.yml#L122-L261

Also, if you decode your certificates by running `openssl x509 -in server-ca.crt -text -noout`, do they appear to be valid?

If they are invalid you can try regenerating them using `scripts/generate-consul-certs` and copying each file's contents into the appropriate place in your cf manifest's consul properties.

Thanks,
Christian and George
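
The check suggested in the reply above can be preceded by a structural pre-check on the values pasted into the manifest. The following is an added example, not part of the thread or of consul-release. The names `check_pem` and `der_sequence_complete` are hypothetical, and the sample PEM is a constructed placeholder rather than a real certificate. It flags missing values, PEM text whose newlines were lost when pasted into YAML, wrong block labels and truncated bodies; `openssl x509 -text -noout` remains the real validation.

```python
import base64
import binascii
import re

# BEGIN/END armor must sit on their own lines, as PEM parsers expect.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----\s*$",
    re.DOTALL | re.MULTILINE)

def der_sequence_complete(der):
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_pem(value, expected_label="CERTIFICATE"):
    """Return a list of problems for one manifest value; an empty list means it passed."""
    if not value or not value.strip():
        return ["value is empty or missing"]
    text = value.strip()
    m = PEM_BLOCK.search(text)
    if m is None:
        if "-----BEGIN" in text and "\n" not in text:
            return ["PEM collapsed onto one line (newlines lost in YAML; use a '|' block scalar)"]
        return ["no complete BEGIN/END block found"]
    problems = []
    if m.group(1) != expected_label:
        problems.append("label is %r, expected %r" % (m.group(1), expected_label))
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except binascii.Error:
        return problems + ["body is not valid base64"]
    if not der_sequence_complete(der):
        problems.append("decoded body is not one complete DER SEQUENCE (truncated or padded)")
    return problems

# Constructed sample: a DER-shaped placeholder (SEQUENCE of 256 zero bytes), NOT a real certificate.
B64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
GOOD = "-----BEGIN CERTIFICATE-----\n" + "\n".join(
    B64[i:i + 64] for i in range(0, len(B64), 64)) + "\n-----END CERTIFICATE-----\n"
FOLDED = GOOD.strip().replace("\n", " ")   # what a folded YAML scalar produces
TRUNCATED = "\n".join(l for i, l in enumerate(GOOD.splitlines()) if i != 2)  # one body line lost
```

Run `check_pem` over each consul certificate value from the manifest, passing the key's own label (for example `"RSA PRIVATE KEY"`) as `expected_label` for key fields.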


Sylvain Gibier
 

Hi,

I ended up regenerating the whole stack using v234 instead and it worked -
using the same consul certificates.

Sylvain



George Dean
 

Hi Sylvain,

Good to hear, let us know if you have any other problems.