On-demand-broker-smoke-tests errand fails.
Summarizing 5 failures:
[FAIL] Smoke tests [lt] pushes an app, sends, and reads a message from RabbitMQ over TLS: plan ‘rmq-ha-large’
/var/vcap/packages/cf-rabbitmq-smoke-tests/src/rabbitmq-smoke-tests/tests/helper/service_key.go:41
[FAIL] [SynchronizedAfterSuite]
/var/vcap/packages/cf-rabbitmq-smoke-tests/vendor/github.com/cloudfoundry/cf-test-helpers/v2/workflowhelpers/test_suite_setup.go:153
[FAIL] Smoke tests [lt] pushes an app, sends, and reads a message from RabbitMQ over TLS: plan ‘three-node-3.9’
/var/vcap/packages/cf-rabbitmq-smoke-tests/src/rabbitmq-smoke-tests/tests/helper/service_key.go:41
[FAIL] Smoke tests [lt] pushes an app, sends, and reads a message from RabbitMQ over TLS: plan ‘single-node-3.9’
/var/vcap/packages/cf-rabbitmq-smoke-tests/src/rabbitmq-smoke-tests/tests/helper/service_key.go:41
[FAIL] [SynchronizedAfterSuite]
/var/vcap/packages/cf-rabbitmq-smoke-tests/vendor/github.com/cloudfoundry/cf-test-helpers/v2/workflowhelpers/test_suite_setup.go:153
Ran 3 of 3 Speccs in 1631.991 seconds
FAIL! -- 0 Passed | 3 Failed | 0 Pending | 0 Skipped
A certificate rotation was not completed successfully, so TLS failures prevented the smoke tests from completing certain operations, such as deleting test spaces.
Pull a log bundle for the RabbitMQ tile:
bosh -d <rmq-deployment> logs
Open the log bundle and find the on-demand-broker.<guid>.tgz file.
Open the on-demand-broker-smoke-tests folder.
Open the smoke-test-<timestamp>.log files and look for the TLS error:
[2025-09-26 15:58:47.14 (UTC)]> cf create-service-key rmq-smoke-test-instance-########-#### rmq-smoke-test-instance-########-####-key
Creating service key rmq-smoke-test-instance-########-####-key for service instance rmq-smoke-test-instance-########-#### as tile_installer...
Service broker error: get user failed: Get "https://q-s0.rabbitmq-server.services-1.service-instance-########-####-###-####-############.bosh:15671/api/users/########-####-####-####-############": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "rootCA")
FAILED
The "certificate signed by unknown authority" error indicates use of a self-signed CA that the client does not trust. To fix this error, make sure the CA is included in the Trusted Certificates field (Security tab in the BOSH Director tile).
Go to the Security tab in BOSH director tile.
Make sure the "Include Tanzu Ops Manager Root CA in Trusted Certs" checkbox is selected.
If the CA is a custom / externally-generated cert, paste it into the "Trusted Certificates" field. Click "Save".
Run Apply Changes on the RabbitMQ tile with the "Upgrade all service instances" errand enabled. After this completes, you should be able to run the On-Demand-Broker Smoke Tests successfully.
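How Go's crypto/x509 produces the exact error in the smoke-test log above, and why adding the current CA to the trust store clears it. This is an added example, not part of the original article or of the broker's code. It assumes a constructed scenario in which two different CAs are both named "rootCA"; the function names and the host name rabbitmq.example.internal are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *rsa.PrivateKey) (cert *x509.Certificate, key *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil { // self-signed: the template is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return cert, key
}

// VerifyAfterRotation verifies a new-CA server cert before and after the trust store is updated.
func VerifyAfterRotation() (staleErr, fixedErr error) {
	oldCA, _ := issue("rootCA", 1, nil, nil)      // CA the client still trusts
	newCA, newKey := issue("rootCA", 2, nil, nil) // same name, different key
	leaf, _ := issue("rabbitmq.example.internal", 3, newCA, newKey)
	roots := x509.NewCertPool()
	roots.AddCert(oldCA) // stale trust store: name matches, signature check fails
	_, staleErr = leaf.Verify(x509.VerifyOptions{Roots: roots})
	roots.AddCert(newCA) // equivalent of adding the CA to Trusted Certificates
	_, fixedErr = leaf.Verify(x509.VerifyOptions{Roots: roots})
	return staleErr, fixedErr
}

func main() {
	fmt.Println(VerifyAfterRotation())
}
```

The "possibly because of" hint appears only when the trust store holds a CA whose subject matches the issuer name but whose key did not sign the certificate.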