EDR: Cbcluster Add-Node Fails with "No such file or directory: '/etc/cb/certs/cb-redis-ca.crt'"



Article ID: 287411


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The /usr/share/cb/cbcluster add-node command fails with the exception below:
================ Copying repo files to remote node ======================

Stopping cb-supervisord (via systemctl): [ OK ]
[Errno 2] No such file or directory: '/etc/cb/certs/cb-redis-ca.crt'
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/utils/exceptions.py", line 90, in decorator
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/main.py", line 73, in main
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/tasks/add_node.py", line 136, in execute
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/tasks/add_node.py", line 240, in _copy_repo_files_to_new_node
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/tasks/add_node.py", line 285, in _copy_certs
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/ssh_client.py", line 169, in sudo_sftp_put
File "/usr/share/cb/virtualenv/lib/python3.9/site-packages/cb/maintenance/cbcluster/ssh_client.py", line 160, in do_sftp_put
File "/usr/share/cb/virtualenv/lib64/python3.9/site-packages/paramiko/sftp_client.py", line 757, in put
file_size = os.stat(localpath).st_size
FileNotFoundError: [Errno 2] No such file or directory: '/etc/cb/certs/cb-redis-ca.crt'

 

Environment

  • EDR Server: 7.5.1-7.5.2

Cause

  • Missing certificate file

Resolution

Workaround:
  1. Create a self-signed CA certificate and private key. Note: when creating the certificate (second command), complete the information when prompted. These fields are not required to work around the issue, but if Redis Encryption is planned they need to be filled out appropriately, or a CA of choice needs to be used. The cb.conf settings for enabling Redis Encryption, found in the link below, would enact these changes for Redis encryption:
openssl genrsa -out /etc/cb/certs/cb-redis-ca.key 2048
openssl req -x509 -sha256 -new -nodes -key /etc/cb/certs/cb-redis-ca.key -days 3650 -out /etc/cb/certs/cb-redis-ca.crt
  2. Create blank cb-redis.crt and cb-redis.key files. These empty files are for the workaround only; if Redis Encryption is used, they need to be a certificate/key pair:
touch /etc/cb/certs/cb-redis.key
touch /etc/cb/certs/cb-redis.crt
  3. Attempt to add the node again:
/usr/share/cb/cbcluster add-node
/usr/share/cb/cbcluster add-node
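
A pre-flight check that can be run before retrying add-node, as an added example that is not part of the original article or the product: it reports which of the four files named above are missing, which are zero-byte placeholders, and whether the CA certificate matches the CA key. The function name, status words, exit codes and the key-permission check are assumptions of this example.

```sh
# Added example, not vendor code. File names come from the article; the
# status words and exit codes (0 ok, 1 missing file, 2 CA mismatch) are assumptions.
check_redis_certs() {
    dir=${1:-/etc/cb/certs}
    rc=0
    for f in cb-redis-ca.crt cb-redis-ca.key cb-redis.crt cb-redis.key; do
        p="$dir/$f"
        if [ ! -e "$p" ]; then
            echo "MISSING      $p"    # add-node's SFTP copy would fail on this file
            rc=1
        elif [ ! -s "$p" ]; then
            echo "PLACEHOLDER  $p"    # zero-byte file, as created by touch
        else
            echo "PRESENT      $p"
        fi
        # General key hygiene (not a vendor requirement): flag non-empty
        # private keys that group or other can read.
        case "$f" in
            *.key)
                if [ -s "$p" ] && [ -n "$(find "$p" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
                    echo "LOOSE-PERMS  $p"
                fi
                ;;
        esac
    done
    # If both CA files have content, confirm the certificate carries this
    # key's public key by comparing what openssl extracts from each.
    ca_crt="$dir/cb-redis-ca.crt"
    ca_key="$dir/cb-redis-ca.key"
    if [ "$rc" -eq 0 ] && [ -s "$ca_crt" ] && [ -s "$ca_key" ] &&
        command -v openssl >/dev/null 2>&1; then
        crt_pub=$(openssl x509 -in "$ca_crt" -noout -pubkey 2>/dev/null) || crt_pub=""
        key_pub=$(openssl pkey -in "$ca_key" -pubout 2>/dev/null) || key_pub=""
        if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
            echo "CA-MISMATCH  $ca_crt does not match $ca_key"
            rc=2
        fi
    fi
    return "$rc"
}

# Usage on the EDR server: check_redis_certs /etc/cb/certs
```

After step 2 of the workaround, PLACEHOLDER is the expected result for cb-redis.crt and cb-redis.key.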

This issue has been resolved in EDR Server version 7.6.2 and above.

 

Additional Information

https://docs.vmware.com/en/VMware-Carbon-Black-EDR/7.6.2/rn/vmware-carbon-black-edr-server-762-release-notes/index.html