Date
1 - 5 of 5
AWS / CF v233 deployment
Sylvain Gibier
Hi,
Trying to a fresh new installation of CF on AWS - I'm hitting the following
issue when the deployment is trying to update the api_z1/0 jobs.
I'm following the instruction -
http://docs.cloudfoundry.org/deploying/aws/cf-stub.html and as well
http://docs.cloudfoundry.org/deploying/common/consul-security.html to
generate the consul certificates.
According to the log - the consult_agent process failed to start.
{"timestamp":"1460475448.173879385","source":"confab","message":"confab.agent-client.verify-joined.members.request.failed","log_level":2,"data":{"error":"Get
Cheers,
sylvain
Trying to a fresh new installation of CF on AWS - I'm hitting the following
issue when the deployment is trying to update the api_z1/0 jobs.
I'm following the instruction -
http://docs.cloudfoundry.org/deploying/aws/cf-stub.html and as well
http://docs.cloudfoundry.org/deploying/common/consul-security.html to
generate the consul certificates.
According to the log - the consult_agent process failed to start.
{"timestamp":"1460475448.173879385","source":"confab","message":"confab.agent-client.verify-joined.members.request.failed","log_level":2,"data":{"error":"Get
http://127.0.0.1:8500/v1/agent/members: dial tcp 127.0.0.1:8How can I debug this issue ?
500: getsockopt: connection refused","wan":false}}
==> Starting Consul agent...
==> Error starting agent: Failed to start Consul client: Failed to load
cert/key pair: crypto/tls: failed to parse certificate PEM data
Cheers,
sylvain
Bharath
GIt by sri eeo olold lollipop look Kim o gift forgot guitarists u my look ed
On 12 Apr 2016 21:37, "Sylvainl Gibier" <sylvain(a)munichconsulting.de>
wrote:gfggkuflg
http://docs.cloudfoundry.org/deploying/common/consul-security.html to
generate the consul certificates.
fb.request.failed","log_level":2,"data":{"error":"Get
http://127.0.0.1:8500/v1/agent/members: dial tcp 127.0.0.1:8
On 12 Apr 2016 21:37, "Sylvainl Gibier" <sylvain(a)munichconsulting.de>
wrote:gfggkuflg
thisgigg.org/deploying/aws/cf-stub.html koi8Logan's other as w rell
Hi, lol touching inka
Trying to a fresh new installation of CF on AWS - I'm track
http://docs.cloudfoundry.org/deploying/common/consul-security.html to
generate the consul certificates.
{"timestamp":"1460475448.173879385","source":"confab","message":"confab.agent-client.verify-joined.member
According to the log - the consult_agent process failed to start.
fb.request.failed","log_level":2,"data":{"error":"Get
http://127.0.0.1:8500/v1/agent/members: dial tcp 127.0.0.1:8
load cert/key pair: carypto/tls: failed to parse certificate PEM data
500: getsockopt: connection refused","wan":false}}
==> Starting Consul agent...
==> Erroinyvfr starting agent: Failed to start Consul client: Failed to
How can I debyug this issue ?
Cheers,
sylvain
Christian Ang
Hi Sylvain,
It looks like your problem might be that one or more of the consul certificates in your cf manifest is not a valid PEM encoded certificate, or the certificates are missing entirely. Do the consul properties in your cf manifest look approximately like this (with your own certificates and keys):
https://github.com/cloudfoundry-incubator/consul-release/blob/master/manifests/aws/multi-az-ssl.yml#L122-L261
Also, if you decode your certificates by running `openssl x509 -in server-ca.crt -text -noout`, do they appear to be valid?
If they are invalid you can try regenerating them using `scripts/generate-consul-certs` and copying each files contents into the appropriate place in your cf manifest's consul properties.
Thanks,
Christian and George
It looks like your problem might be that one or more of the consul certificates in your cf manifest is not a valid PEM encoded certificate, or the certificates are missing entirely. Do the consul properties in your cf manifest look approximately like this (with your own certificates and keys):
https://github.com/cloudfoundry-incubator/consul-release/blob/master/manifests/aws/multi-az-ssl.yml#L122-L261
Also, if you decode your certificates by running `openssl x509 -in server-ca.crt -text -noout`, do they appear to be valid?
If they are invalid you can try regenerating them using `scripts/generate-consul-certs` and copying each files contents into the appropriate place in your cf manifest's consul properties.
Thanks,
Christian and George
Sylvain Gibier
Hi,
i end up regenerating the whole stack using v234 instead and it worked -
using the same consul certificates.
Sylvain
toggle quoted message
Show quoted text
i end up regenerating the whole stack using v234 instead and it worked -
using the same consul certificates.
Sylvain
On Wed, Apr 13, 2016 at 7:54 PM, Christian Ang <cang(a)pivotal.io> wrote:
Hi Sylvain,
It looks like your problem might be that one or more of the consul
certificates in your cf manifest is not a valid PEM encoded certificate, or
the certificates are missing entirely. Do the consul properties in your cf
manifest look approximately like this (with your own certificates and keys):
https://github.com/cloudfoundry-incubator/consul-release/blob/master/manifests/aws/multi-az-ssl.yml#L122-L261
Also, if you decode your certificates by running `openssl x509 -in
server-ca.crt -text -noout`, do they appear to be valid?
If they are invalid you can try regenerating them using
`scripts/generate-consul-certs` and copying each files contents into the
appropriate place in your cf manifest's consul properties.
Thanks,
Christian and George