Project

General

Profile

Actions
Copy link

action #104172

closed

osd service ca-certificates failed with "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists"

Added by okurz over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Low
Assignee:
okurz
Category:
-
Target version:
openQA Project - Ready
Start date:
2021-12-20
Due date:
% Done:

0%

Estimated time:

Description

Observation

systemctl status ca-certificates on OSD states

● ca-certificates.service - Update system wide CA certificates
     Loaded: loaded (/usr/lib/systemd/system/ca-certificates.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Mon 2021-12-20 06:16:57 CET; 1h 33min ago
TriggeredBy: ● ca-certificates.path
   Main PID: 25310 (code=exited, status=1/FAILURE)

Dec 20 06:16:56 openqa systemd[1]: Starting Update system wide CA certificates...
Dec 20 06:16:57 openqa update-ca-certificates[25339]: p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists
Dec 20 06:16:57 openqa systemd[1]: ca-certificates.service: Main process exited, code=exited, status=1/FAILURE
Dec 20 06:16:57 openqa systemd[1]: ca-certificates.service: Failed with result 'exit-code'.
Dec 20 06:16:57 openqa systemd[1]: Failed to start Update system wide CA certificates.

Suggestions

Maybe retrying within the service helps

Workaround

Manual retry helps: systemctl restart ca-certificates

Related issues 2 (0 open2 closed)

Related to openQA Infrastructure - action #117262: [alert] failed systemd service: ca-certificates on openqa.suse.de, "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: Unknown error 17" size:MResolvedmkittler2022-09-27

Actions
Related to openQA Infrastructure - action #131096: [alert] Service `ca-certificates` can fail size:MRejectedokurz2023-06-19

Actions
Actions
Copy link
 #1

Updated by okurz over 2 years ago

  • Due date set to 2022-02-28
  • Status changed from New to Feedback
  • Assignee set to okurz
  • Priority changed from High to Low

I applied manual retry and that worked. I have not seen this in before. ca-certificates.service is triggered by ca-certificates.path which is available and enabled on all our machines. I assume potentially this problem might appear on all our machines but because it only happened on openqa.suse.de maybe it's related to our SSL certificate handling using dehydrated? Not sure if we need to do anything about it actually so will monitor for some time.

Actions
Copy link
 #2

Updated by okurz over 2 years ago

  • Due date deleted (2022-02-28)
  • Status changed from Feedback to Resolved

Hasn't shown up since then

Actions
Copy link
 #3

Updated by okurz over 1 year ago

  • Related to action #117262: [alert] failed systemd service: ca-certificates on openqa.suse.de, "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: Unknown error 17" size:M added
Actions
Copy link
 #4

Updated by okurz 10 months ago

  • Related to action #131096: [alert] Service `ca-certificates` can fail size:M added
Actions
Copy link

Also available in: Atom PDF