Managed OpenStack
Latest
Frequently Asked Questions
Solution
How To
Internal Only
Templates
Powered By
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Unable to Add Host in Management Plane
Copy Markdown
Open in ChatGPT
Open in Claude
Problem
- Unable to view host in Management Plane for authorization even after running the installer script successfully.
- On the affected host, check if it is able to communicate with the Management Plane on port 443.
xxxxxxxxxx$ telnet management.plane 443- If the above command was successful check /etc/pf9/hostagent.conf for the cert_version followed by requesting the certificate using the same version.
xxxxxxxxxx$ less /etc/pf9/hostagent.conf[ssl]cert_version=v4disable=True$ openssl s_client -connect management.plane:443 -servername broker-v4 -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pem- The above command will not return the certificate. This confirms that the host is unable to communicate with the Management Plane using the SNI broker version 4 for certificates.
Environment
- Platform9 Managed OpenStack - v3.6.0 and Higher
- Hostagent
Cause
The SNI broker-v4 endpoint is blocked in the firewall on the customer plane.
Resolution
Allow the broker-v4 endpoint communication through the customer firewall.
Workaround
- Run the below command to check if the affected host is able to request a certificate from the Management Plane using any other version.
$ openssl s_client -connect management.plane:443 -servername http -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pem- If the above command returns the certificate successfully, copy the certificates from one of the working hosts to the affected host.
xxxxxxxxxx$ scp -r /etc/pf9/certs user@affectedhost:/tmp- On the affected hosts, keep the backup of original /etc/pf9/certs directory and then replace the original directory with the certificates copied from the working host.
- Restart the pf9-hostagent and pf9-sidekick service and check if the host is able to communicate with Management Plane by running the below command.
$ openssl s_client -connect management.plane:443 -servername broker-v4 -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pemVariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message