Actions
action #131096
closed[alert] Service `ca-certificates` can fail size:M
Start date:
2023-06-19
Due date:
% Done:
0%
Estimated time:
Description
Observation¶
martchus@schort-server:~> sudo journalctl --since '2 days ago' -u ca-certificates
Jun 18 03:01:48 schort-server systemd[1]: Starting Update system wide CA certificates...
Jun 18 03:01:49 schort-server update-ca-certificates[29527]: mv: cannot stat '/var/lib/ca-certificates/ca-bundle.pem.new': No such file or directory
Jun 18 03:01:49 schort-server systemd[1]: ca-certificates.service: Main process exited, code=exited, status=1/FAILURE
Jun 18 03:01:49 schort-server systemd[1]: ca-certificates.service: Failed with result 'exit-code'.
Jun 18 03:01:49 schort-server systemd[1]: Failed to start Update system wide CA certificates.
-- Boot 41358baf1d8748c28a50ae58ad0915be --
Jun 18 03:34:27 schort-server systemd[1]: Starting Update system wide CA certificates...
Jun 18 03:34:36 schort-server systemd[1]: ca-certificates.service: Deactivated successfully.
Jun 18 03:34:36 schort-server systemd[1]: Finished Update system wide CA certificates.
The situation fixed itself after a reboot and until then it didn't cause further problems. However, the unit was in the failed state temporarily triggering an alert.
Suggestions¶
- Might be an upstream bug. If not exists report it
- Take a look into /usr/lib/ca-certificates/update.d/99certbundle.run , like https://github.com/openSUSE/ca-certificates/blob/master/certbundle.run#L37, might be easy to provide upstream contribution pull request to fix in https://github.com/openSUSE/ca-certificates , package is https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates
Updated by okurz over 1 year ago
- Tags changed from alert to alert, infra
- Target version set to Ready
Updated by okurz over 1 year ago
- Subject changed from [alert] Service `ca-certificates` can fail to [alert] Service `ca-certificates` can fail size:M
- Description updated (diff)
- Status changed from New to Workable
Updated by okurz over 1 year ago
From system journal before:
Jun 18 03:01:48 schort-server [RPM][29482]: erase ca-certificates-mozilla-2.44-21.1.noarch: success
Jun 18 03:01:48 schort-server systemd[1]: Starting Update system wide CA certificates...
Jun 18 03:01:48 schort-server sh[28670]: ( 5/397) Installing: ca-certificates-mozilla-2.60-150200.27.1.noarch [..
Jun 18 03:01:48 schort-server sh[28670]: p11-kit: couldn't create symlink: /var/lib/ca-certificates/openssl/a94d09e5.0: Unknown error 17
Jun 18 03:01:49 schort-server [RPM][29482]: install ca-certificates-mozilla-2.60-150200.27.1.noarch: success
Jun 18 03:01:49 schort-server update-ca-certificates[29527]: mv: cannot stat '/var/lib/ca-certificates/ca-bundle.pem.new': No such file or directory
Jun 18 03:01:49 schort-server systemd[1]: ca-certificates.service: Main process exited, code=exited, status=1/FAILURE
Jun 18 03:01:49 schort-server systemd[1]: ca-certificates.service: Failed with result 'exit-code'.
Jun 18 03:01:49 schort-server systemd[1]: Failed to start Update system wide CA certificates.
Jun 18 03:01:50 schort-server [RPM][29482]: erase ca-certificates-mozilla-2.44-21.1.noarch: success
Updated by okurz over 1 year ago
- Related to action #117262: [alert] failed systemd service: ca-certificates on openqa.suse.de, "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: Unknown error 17" size:M added
Updated by okurz over 1 year ago
- Related to action #104172: osd service ca-certificates failed with "p11-kit: couldn't complete writing of file: /var/lib/ca-certificates/ca-bundle.pem.tmp: File exists" added
Updated by okurz over 1 year ago
- Status changed from Workable to Rejected
- Assignee set to okurz
duplicate of #117262
Actions