Failed to join cluster: Failed to update cluster trust: Existing server certificate with different name "wh-0002" already in trust store

LockWithoutKey · July 20, 2021, 8:42am

I got an error when adding a new node to an exist cluster.

Here’s my preseed file, the cluster_certificate is in the bootstrap node on path /var/snap/lxd/common/lxd/cluster.crt

The error is Failed to join cluster: Failed to update cluster trust: Existing server certificate with different name “wh-0002” already in trust store.

also try to lxd init without preseed file, called the same error

trying to run ‘lxc config trust remove fingerprint’ , remove server.crt and server.key, restart snap.lxd.deamon.service, but the error still occured… need some help~

tomp · July 20, 2021, 10:24am

Can you paste your preseed config as txt here so I can try and recreate issue?

Also please can you show lxc config trust ls output on an existing cluster member. Thanks

LockWithoutKey · July 20, 2021, 11:20am

cluster:
server_name: node2
enabled: true
cluster_address: 192.168.0.172:8443
cluster_certificate: |
-----BEGIN CERTIFICATE-----
MIICBjCCAYygAwIBAgIQHy/fyyqgmj1F+hNAfQEI7TAKBggqhkjOPQQDAzA1MRww
GgYDVQQKExNsaW51eGNvbnRhaW5lcnMub3JnMRUwEwYDVQQDDAxyb290QHdoLTAw
MDEwHhcNMjEwNzIwMDgyMDM0WhcNMzEwNzE4MDgyMDM0WjA1MRwwGgYDVQQKExNs
aW51eGNvbnRhaW5lcnMub3JnMRUwEwYDVQQDDAxyb290QHdoLTAwMDEwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAARNwlIKpWZ5HCTdKGJeC+KRSk5XmgLjMBtp7hyoUyrO
iIiTlvLG2zW8YqPygIKt+aAGyteOzWWQjE5i1UJ2Uo2H0SPVQTCA6cY3thmwvoHc
7kDNI8v+ou0aa26v4N9LlKSjYTBfMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAK
BggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMCoGA1UdEQQjMCGCB3doLTAwMDGHBH8A
AAGHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwMDaAAwZQIwFradvYVOVAy0
9/v5qaersDgKnz9hyKXYKe2FJbimvgKg/cvdg9ZHDn8RDwuo7OKIAjEA13xVAAs0
YxT/wopJxLxFpXGHLhvr27OzGGIda1xCiaRKI0BNyV85kzGv5iddNjwp
-----END CERTIFICATE-----
server_address: 192.168.0.104:8443
cluster_password: cluster
cluster_certificate_path: “”

sorry I cleaned the old virtual machine, cannot ge t the lxc config trust list.
I deleted the 4.16 lxd, back to 4.0.6 and everything is ok.
Maybe it’s a minor bug in 4.16 when I define the node name (during lxd init) and the node name not equals hostname, the error triggered.

tomp · July 20, 2021, 12:25pm

Yes the server_name must match the member name in the certificate.

Where is wh-0002 coming from?