We're updating the issue view to help you get more done. 

Can't join profile in ssl cluster - certifcate problem

Description

Cluster certificates are not updated on cluster join. Centos 7.4 (centos-release-7-4.1708.el7.centos.x86_64)

1. Bootstrap managers with ssl with autogenerated certificate
2. Start cluster on one CLI - I used cluster master CLI
3. Move to another node CLI and add cluster master profile and update it with `cfy cluster update-profile`
4. Try to add another node - I used cluster replica node CLI
Example:

1 2 3 4 5 [centos@cfy-4 ~]$ cfy cluster join 10.10.25.104 --cluster-host-ip 10.10.25.103 Joining the Cloudify Manager cluster: [u'10.10.25.104'] 2018-02-08T12:14:09 Started /opt/manager/env/bin/create_cluster_node --config /tmp/tmpvbxvoI. 2018-02-08T12:14:09 Starting /opt/manager/env/bin/create_cluster_node --config /tmp/tmpvbxvoI... An SSL-related error has occurred. This can happen if the specified REST certificate does not match the certificate on the manager. Underlying reason: HTTPSConnectionPool(host='10.10.25.103', port=443): Max retries exceeded with url: /api/v3.1/cluster?since=s%3D8da27bcd7cb44bb181b756f2da30e507%3Bi%3D832%3Bb%3Ddc0af0bfa15241d3bc4c60aa43c5b30e%3Bm%3D2c67106d3%3Bt%3D564b2595a72bf%3Bx%3D6111d8f76786cad7&_include=logs%2Cinitialized%2Cerror (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'),))

Cluster manager context:

1 2 3 4 5 [centos@cfy-4 ~]$ cat ~/.cloudify/profiles/10.10.25.104/context !CloudifyProfileContext _cluster: - {manager_ip: !!python/unicode '10.10.25.104', name: !!python/unicode 'cloudify_manager_KJ5AR4'} - {manager_ip: !!python/unicode '10.10.25.103', name: !!python/unicode 'cloudify_manager_XEVYCK'}

Status

Assignee

Omer Duskin

Reporter

Anna Szpoton

Labels

None

Severity

None

Bug Type

legacy bug

Target Version

4.3

Severity

None

Sprint

Fix versions

Affects versions

4.3