osd service ca-certificates failed with "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists"
systemctl status ca-certificates on OSD states
● ca-certificates.service - Update system wide CA certificates Loaded: loaded (/usr/lib/systemd/system/ca-certificates.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2021-12-20 06:16:57 CET; 1h 33min ago TriggeredBy: ● ca-certificates.path Main PID: 25310 (code=exited, status=1/FAILURE) Dec 20 06:16:56 openqa systemd: Starting Update system wide CA certificates... Dec 20 06:16:57 openqa update-ca-certificates: p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists Dec 20 06:16:57 openqa systemd: ca-certificates.service: Main process exited, code=exited, status=1/FAILURE Dec 20 06:16:57 openqa systemd: ca-certificates.service: Failed with result 'exit-code'. Dec 20 06:16:57 openqa systemd: Failed to start Update system wide CA certificates.
Maybe retrying within the service helps
Manual retry helps:
systemctl restart ca-certificates
Updated by okurz almost 2 years ago
- Due date set to 2022-02-28
- Status changed from New to Feedback
- Assignee set to okurz
- Priority changed from High to Low
I applied manual retry and that worked. I have not seen this in before. ca-certificates.service is triggered by ca-certificates.path which is available and enabled on all our machines. I assume potentially this problem might appear on all our machines but because it only happened on openqa.suse.de maybe it's related to our SSL certificate handling using dehydrated? Not sure if we need to do anything about it actually so will monitor for some time.