Actions
action #104172
closedosd service ca-certificates failed with "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists"
Start date:
2021-12-20
Due date:
% Done:
0%
Estimated time:
Description
Observation¶
systemctl status ca-certificates
on OSD states
● ca-certificates.service - Update system wide CA certificates
Loaded: loaded (/usr/lib/systemd/system/ca-certificates.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2021-12-20 06:16:57 CET; 1h 33min ago
TriggeredBy: ● ca-certificates.path
Main PID: 25310 (code=exited, status=1/FAILURE)
Dec 20 06:16:56 openqa systemd[1]: Starting Update system wide CA certificates...
Dec 20 06:16:57 openqa update-ca-certificates[25339]: p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists
Dec 20 06:16:57 openqa systemd[1]: ca-certificates.service: Main process exited, code=exited, status=1/FAILURE
Dec 20 06:16:57 openqa systemd[1]: ca-certificates.service: Failed with result 'exit-code'.
Dec 20 06:16:57 openqa systemd[1]: Failed to start Update system wide CA certificates.
Suggestions¶
Maybe retrying within the service helps
Workaround¶
Manual retry helps: systemctl restart ca-certificates
Updated by okurz about 3 years ago
- Due date set to 2022-02-28
- Status changed from New to Feedback
- Assignee set to okurz
- Priority changed from High to Low
I applied manual retry and that worked. I have not seen this in before. ca-certificates.service is triggered by ca-certificates.path which is available and enabled on all our machines. I assume potentially this problem might appear on all our machines but because it only happened on openqa.suse.de maybe it's related to our SSL certificate handling using dehydrated? Not sure if we need to do anything about it actually so will monitor for some time.
Updated by okurz about 3 years ago
- Due date deleted (
2022-02-28) - Status changed from Feedback to Resolved
Hasn't shown up since then
Updated by okurz over 2 years ago
- Related to action #117262: [alert] failed systemd service: ca-certificates on openqa.suse.de, "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: Unknown error 17" size:M added
Updated by okurz over 1 year ago
- Related to action #131096: [alert] Service `ca-certificates` can fail size:M added
Actions