Bosh task errors out on pre-check job pks-api


Article ID: 377371


Products

VMware Tanzu Kubernetes Grid Integrated (TKGi)

Issue/Introduction

After applying changes, the update fails at the first pre-check.

The error reports that the failing job is pks-api.

Environment

You are unable to log in to the VM after an update or upgrade:

Error: Failed to communicate with the TKGI API.
ubuntu@###.###.###.###:~$ tkgi login -a api.server.pks.com -u admin -k

Error: Post https://api.server.pks.com:8443/oauth/token: dial tcp ###.###.###.###:8443: connect: connection refused

 

The update or upgrade of the deployment fails with:

Error: Action Failed get_task: Task 225f25af-0515-42c8-4365-47cbac77b6eb result: 1 of 6 pre-start scripts failed. Failed Jobs: pks-api. Successful Jobs: bpm, bosh-dns, syslog_forwarder, bosh-update-config, uaa. 

 

The pre-start.stderr.log shows the error message:

x509 certificate routines:X509_check_private_key: key values mismatch:../crypto/x509/x509_cmp.c:405: 

 

 

Cause

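The pks-api certificate is mismatched. The X509_check_private_key "key values mismatch" error in pre-start.stderr.log means the certificate's public key does not correspond to the private key it is paired with.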

Resolution

Compare the certificate found in these two locations:

  • /var/vcap/jobs/pks-api/config 
  • TKGi tile > TKGI API > Certificate to secure the TKGi API 

If these certificates do not match, correct the mismatch or generate a new certificate to match, then apply the change.
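
One way to run both comparisons with the openssl command line, shown as an added example that is not part of the original article. The function names and the a/b sample files are assumptions made for illustration; on a real system pass the PEM files saved from the two locations above.

```shell
#!/bin/sh
# Added example. File arguments are PEM files you supply; no TKGI file names are assumed.

# Public key (PEM) embedded in a certificate; fails on a parse error.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key; fails on a parse error.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# 0 = certificate and key belong together, 1 = mismatch, 2 = a file could not be read.
cert_matches_key() {
    c=$(cert_pubkey "$1") && [ -n "$c" ] || return 2
    k=$(key_pubkey "$2") && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# 0 = both files hold the same certificate (equal SHA-256 fingerprints),
# 1 = different certificates, 2 = a file could not be read.
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) && [ -n "$a" ] || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# Constructed sample data: two unrelated self-signed key/certificate pairs in directory $1.
make_sample() {
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

# Run the checks on the constructed sample and report each outcome.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || { rm -rf "$d"; return 1; }
    cert_matches_key "$d/a.crt" "$d/a.key" && echo "a.crt + a.key: match"
    cert_matches_key "$d/a.crt" "$d/b.key" || echo "a.crt + b.key: key values mismatch"
    same_cert "$d/a.crt" "$d/b.crt" || echo "a.crt vs b.crt: different certificates"
    rm -rf "$d"
}
demo
```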