2 directories not created during install #38
Description
Describe the bug
Upon installing lightwave (from photon-updates repo, on photonOS 2), the log contains errors:
Dec 28 04:09:17 dc01 vmafdd[4017]: t@140141993535232: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
There are other errors pretaining to Root certificates, such as:
Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
and
Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushMachineSslCertificate returning 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2
My interpretation of these errors is that the CRL, Root certs and Machine cert can't be saved to disk.
This can be reproduced at will by running:
vecs-cli force-refresh --server dc01 --upn Administrator
Impact
- Low - Not really in your way but annoyance -- not sure
- Medium - Can be worked around
- High - Blocker
Expected behavior
I would expect that the CRL could be flushed to disk.
Observed behavior
CRL is not flushed to disk.
To Reproduce
Steps to reproduce the behavior:
- tail the log file (
journalctl -f) - execute: `vecs-cli force-refresh --server --upn
- See error
Environment:
- OS: VMware Photon OS 2.0, PHOTON_BUILD_NUMBER=0922243
- Lightwave Version: 1.3.1.7-1.ph2
- Likewise version: 6.2.11.4-4.ph2
Additional context
I have been able to eliminate the error by manually creating the following directories:
/etc/vmware-vpx/docRoot/certs
^ this one eliminates the errors about CRL and Root Certs
/etc/vmware/vmware-vmafd
^ this one eliminates the errors about machine-ssl.crt
There remains one error. I don't know if it's related or not.
vmafdd[24656]: t@140186877519616: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684]