[Tanzu Operations] (4) Troubleshooting: Duplicate error when generating a BOSH CA certificate

This covers the case where, while rotating Tanzu certificates, a Maestro regenerate caused certificates to be generated in duplicate.

ubuntu@ip-10-0-0-36:~/test$ curl "https://54.238.105.246/api/v0/certificate_authorities/generate" -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{}' -i -k
HTTP/1.1 422 Unprocessable Entity
Date: Thu, 07 Apr 2022 01:28:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: private, no-store
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Vary: Accept
X-Request-Id: 14bc7bfb-2765-4a46-8c5f-512f70f8fa30
X-Runtime: 1.021888
Strict-Transport-Security: max-age=63072000; includeSubDomains
Server: Ops Manager

{"certificates":{"regenerated":[],"excluded":[],"regenerate_failed":[]},
"safety_violations":[{"violation":"certificate authorities can not have a transitional version",
"certificate_names":["/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_galera_ca","/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_server_ca"]},{"violation":"latest certificate authority versions with active children are not signing","certificate_names":["/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_galera_ca","/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_server_ca"]}],
"errors":["failed to create new inactive certificate"]
# latest certificate authority versions with active children are not signing

This violation means that the latest version of the credential does not match the active children that the CA has signed.

In short, the state is tangled. In this case, deleting the children resolves it.

$ maestro update-transitional remove ca --all --skip-safety-check
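An added example, not part of the original post: before running a command with `--skip-safety-check`, it helps to see exactly which CAs the 422 response flags and for which violations. The Python sketch below parses that response body; the function names are hypothetical, and it assumes credential names follow the `/<director>/<deployment>/<variable>` layout seen in the output above.

```python
import json
from collections import defaultdict

# Constructed sample: the 422 response body shown in the post, with the
# closing brace (missing from the pasted output) restored so it parses.
SAMPLE_BODY = """
{"certificates":{"regenerated":[],"excluded":[],"regenerate_failed":[]},
 "safety_violations":[
  {"violation":"certificate authorities can not have a transitional version",
   "certificate_names":[
    "/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_galera_ca",
    "/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_server_ca"]},
  {"violation":"latest certificate authority versions with active children are not signing",
   "certificate_names":[
    "/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_galera_ca",
    "/p-bosh/p_spring-cloud-services-121a7bc5537b4832fc01/pxc_server_ca"]}],
 "errors":["failed to create new inactive certificate"]}
"""


def split_path(name):
    """Split '/<director>/<deployment>/<variable>' (assumed layout)."""
    parts = name.strip("/").split("/")
    if len(parts) != 3:
        return ("", "", name)  # unexpected shape: keep the full name
    return tuple(parts)


def violations_by_ca(body):
    """Map (deployment, CA name) -> sorted list of violations reported for it."""
    doc = json.loads(body)
    found = defaultdict(set)
    for item in doc.get("safety_violations", []):
        for name in item.get("certificate_names", []):
            _, deployment, variable = split_path(name)
            found[(deployment, variable)].add(item["violation"])
    return {key: sorted(v) for key, v in found.items()}


def nothing_regenerated(body):
    """True when the call reported errors and regenerated no certificate."""
    doc = json.loads(body)
    return bool(doc.get("errors")) and not doc.get("certificates", {}).get("regenerated")


if __name__ == "__main__":
    for (deployment, ca), violations in sorted(violations_by_ca(SAMPLE_BODY).items()):
        print(deployment, ca, *violations, sep="\n  ")
    print("nothing regenerated:", nothing_regenerated(SAMPLE_BODY))
```

Here both `pxc_galera_ca` and `pxc_server_ca` appear under both violations, so the scope of the cleanup is limited to those two CAs in a single deployment.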