2.3.2 so-setup-network fails because registry.crt and registry.key are directories #1803

sonykphilip · 2020-11-03T14:56:31Z

sonykphilip
Nov 3, 2020

Hi All,

Im trying to install SO 2.3.2. This was fine Oct 25th or so [maybe not 2.3.2 then(?)] but when I tried today on a brand new machine, it keeps failing. Has anyone else run into this yet?

----------
ubuntu@ip-10-2-1-217:~/securityonion$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

ubuntu@ip-10-2-1-217:~/securityonion$ cat VERSION
2.3.2

Applying SSL state
....................................................................................................................++++
.......++++
.................................................++++
....................................++++
......................................................................++++
...................................................++++
.....++++
..........................................................++++
[ERROR ] Specified target /etc/pki/registry.key is a directory
[ERROR ] An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/salt/state.py", line 2154, in call
*cdata["args"], **cdata["kwargs"]
File "/usr/lib/python3/dist-packages/salt/loader.py", line 2087, in wrapper
return f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/salt/states/x509.py", line 696, in certificate_managed
contents = salt["x509.create_certificate"](text=True, **kwargs)
File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 1432, in create_certificate
kwargs["public_key"], passphrase=kwargs["public_key_passphrase"]
File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 706, in get_public_key
text = get_pem_entry(text)
File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 497, in get_pem_entry
raise salt.exceptions.SaltInvocationError(errmsg)
salt.exceptions.SaltInvocationError: PEM text not valid:
/etc/pki/registry.key

[ERROR ] Specified target /etc/pki/registry.key is a directory

----------
          ID: /etc/pki/registry.key
    Function: x509.private_key_managed
      Result: False
     Comment: Specified target /etc/pki/registry.key is a directory
     Started: 14:30:03.121594
    Duration: 369.296 ms
     Changes:
----------
          ID: /etc/pki/registry.crt
    Function: x509.certificate_managed
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python3/dist-packages/salt/state.py", line 2154, in call
                  *cdata["args"], **cdata["kwargs"]
                File "/usr/lib/python3/dist-packages/salt/loader.py", line 2087, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python3/dist-packages/salt/states/x509.py", line 696, in certificate_managed
                  contents = __salt__["x509.create_certificate"](text=True, **kwargs)
                File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 1432, in create_certificate
                  kwargs["public_key"], passphrase=kwargs["public_key_passphrase"]
                File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 706, in get_public_key
                  text = get_pem_entry(text)
                File "/usr/lib/python3/dist-packages/salt/modules/x509.py", line 497, in get_pem_entry
                  raise salt.exceptions.SaltInvocationError(errmsg)
              salt.exceptions.SaltInvocationError: PEM text not valid:
              /etc/pki/registry.key
     Started: 14:30:03.491088
    Duration: 23.984 ms
     Changes:
----------
          ID: regkeyperms
    Function: file.managed
        Name: /etc/pki/registry.key
      Result: False
     Comment: Specified target /etc/pki/registry.key is a directory
     Started: 14:30:03.515327
    Duration: 2.334 ms
     Changes:

26% - DOWNLOADING CONTAINERS FROM THE INTERNET

2020-11-03T14:30:27Z | I | Need to download registry
[INFO ] Loading fresh modules for state activity
[INFO ] Fetching file from saltenv 'base', ** done ** 'registry/init.sls'
[INFO ] Loading fresh modules for state activity
[INFO ] Running state [/opt/so/conf/docker-registry/etc] at time 14:30:28.962710
[INFO ] Executing state file.directory for [/opt/so/conf/docker-registry/etc]
[INFO ] The directory /opt/so/conf/docker-registry/etc is in the correct state
[INFO ] Completed state [/opt/so/conf/docker-registry/etc] at time 14:30:28.969891 (duration_in_ms=7.181)
[INFO ] Running state [/nsm/docker-registry/docker] at time 14:30:28.970094
[INFO ] Executing state file.directory for [/nsm/docker-registry/docker]
[INFO ] {'/nsm/docker-registry/docker': {'user': 939, 'group': 939}, 'user': 'socore', 'group': 'socore'}
[INFO ] Completed state [/nsm/docker-registry/docker] at time 14:30:28.972523 (duration_in_ms=2.429)
[INFO ] Running state [/opt/so/log/docker-registry] at time 14:30:28.972734
[INFO ] Executing state file.directory for [/opt/so/log/docker-registry]
[INFO ] {'/opt/so/log/docker-registry': 'New Dir'}
[INFO ] Completed state [/opt/so/log/docker-registry] at time 14:30:28.975467 (duration_in_ms=2.734)
[INFO ] Running state [/opt/so/conf/docker-registry/etc/config.yml] at time 14:30:28.975667
[INFO ] Executing state file.managed for [/opt/so/conf/docker-registry/etc/config.yml]
[ERROR ] Specified target /opt/so/conf/docker-registry/etc/config.yml is a directory
[INFO ] Completed state [/opt/so/conf/docker-registry/etc/config.yml] at time 14:30:28.977835 (duration_in_ms=2.168)
[INFO ] Running state [so-dockerregistry] at time 14:30:29.027556
[INFO ] Executing state docker_container.running for [so-dockerregistry]
[ERROR ] Container 'so-dockerregistry' is already configured as specified. Failed to start container 'so-dockerregistry': 'Error 400: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "rootfs_linux.go:58: mounting \"/etc/pki/registry.crt\" to rootfs \"/var/lib/docker/overlay2/1de809e49e298713a12f88ffbe3356c831f16b7963eddc5865e32f13c0468a9c/merged\" at \"/var/lib/docker/overlay2/1de809e49e298713a12f88ffbe3356c831f16b7963eddc5865e32f13c0468a9c/merged/etc/pki/registry.crt\" caused \"not a directory\""": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type'.
[INFO ] Completed state [so-dockerregistry] at time 14:30:31.894141 (duration_in_ms=2866.584)

ubuntu@ip-10-2-1-217:~$ ls -l /etc/pki/
total 92
drwxr-xr-x 2 root root 4096 Nov 3 14:45 ca.cer
-rw-r----- 1 root root 2094 Nov 3 14:29 ca.crt
-rw-r----- 1 root socore 3243 Nov 3 14:29 ca.key
-rw-r----- 1 root root 2118 Nov 3 14:30 elasticsearch.crt
-rw-r----- 1 root elasticsearch 3247 Nov 3 14:30 elasticsearch.key
-rw-r----- 1 root elasticsearch 4285 Nov 3 14:30 elasticsearch.p12
-rw-r----- 1 root root 2086 Nov 3 14:30 filebeat.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 filebeat.key
-rw-r----- 1 logstash socore 3272 Nov 3 14:30 filebeat.p8
-rw-r----- 1 root root 1736 Nov 3 14:30 fleet.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 fleet.key
-rw-r----- 1 root root 2118 Nov 3 14:30 influxdb.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 influxdb.key
drwxr-x--- 2 root root 4096 Nov 3 14:30 issued_certs
-rw-r----- 1 root root 2163 Nov 3 14:30 managerssl.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 managerssl.key
-rw-r----- 1 root root 2118 Nov 3 14:30 minio.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 minio.key
-rw-r----- 1 root root 2118 Nov 3 14:30 redis.crt
-rw-r----- 1 root socore 3243 Nov 3 14:30 redis.key
drwxr-xr-x 2 root root 4096 Nov 3 14:29 registry.crt
drwxr-xr-x 2 root root 4096 Nov 3 14:29 registry.key

`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

2.3.2 so-setup-network fails because registry.crt and registry.key are directories #1803

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

2.3.2 so-setup-network fails because registry.crt and registry.key are directories #1803

Uh oh!

sonykphilip Nov 3, 2020

Replies: 0 comments

sonykphilip
Nov 3, 2020