vmware-archive/lightwave

2 directories not created during install

oddboy opened this issue · 0 comments

oddboy commented

Describe the bug
Upon installing lightwave (from photon-updates repo, on photonOS 2), the log contains errors:

Dec 28 04:09:17 dc01 vmafdd[4017]: t@140141993535232: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684] Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 03:46:10 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2

There are other errors pretaining to Root certificates, such as:

Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushMachineSslCertificate returning 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 28 04:11:31 dc01 vmafdd[4017]: t@140142001927936: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2

and

Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: ERROR! [VmAfdIpcTriggerRootCertsRefresh] is returning [2] Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushMachineSslCertificate returning 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushCrl Failed to flush CRL to download directory, 2 Dec 27 07:33:31 dc01 vmafdd[30440]: t@140631775106816: VecsSrvFlushRootCertificate Failed to flush trusted root to download directory, 2

My interpretation of these errors is that the CRL, Root certs and Machine cert can't be saved to disk.

This can be reproduced at will by running:

vecs-cli force-refresh --server dc01 --upn Administrator

Impact

  • Low - Not really in your way but annoyance -- not sure
  • Medium - Can be worked around
  • High - Blocker

Expected behavior
I would expect that the CRL could be flushed to disk.

Observed behavior
CRL is not flushed to disk.

To Reproduce
Steps to reproduce the behavior:

  1. tail the log file (journalctl -f)
  2. execute: `vecs-cli force-refresh --server --upn
  3. See error

Environment:

  • OS: VMware Photon OS 2.0, PHOTON_BUILD_NUMBER=0922243
  • Lightwave Version: 1.3.1.7-1.ph2
  • Likewise version: 6.2.11.4-4.ph2

Additional context
I have been able to eliminate the error by manually creating the following directories:

/etc/vmware-vpx/docRoot/certs
^ this one eliminates the errors about CRL and Root Certs

/etc/vmware/vmware-vmafd
^ this one eliminates the errors about machine-ssl.crt

There remains one error. I don't know if it's related or not.

vmafdd[24656]: t@140186877519616: [Error - 4312, ../../../../vmafd/server/vmafd/rootfetch.c:684]