VPLEX: Execution of security configure-certificate command fails with an error "Is a directory"

           

   Article Number:     530207                                   Article Version: 2     Article Type:    Break Fix 
   

 


Product:

 

VPLEX Series,VPLEX GeoSynchrony 5.5,VPLEX GeoSynchrony 6.0,VPLEX GeoSynchrony 6.1,VPLEX Metro,VPLEX VS2,VPLEX VS6,VPLEX Local

 

Issue:

 

 

'security configure-certificate' command execution fails with an error "Is a directory" as shown below :   

     
        VPlexcli:/> security configure-certificates       
          security configure-certificates:  Evaluation of <<security configure-certificates>> failed.       
          cause:                            Command execution failed.       
          cause:                            21       
          cause:                            Is a directory
   
   
    Errors seen in the client log :   
        
      2018-08-08 19:37:37,770 INFO  [Thread-57] service_localhost_T20810: security configure-certificates       
        2018-08-08 19:37:37,771 INFO  [Thread-57] audit: security configure-certificates       
        2018-08-08 19:37:37,892 ERROR [DefaultCommandHandler-Thread-3] security configure-certificates: Failed to configure certificates: Validation error: Certificates already present in the system.                    Delete old certificates before configuring the system with                    new certificates.       
        2018-08-08 19:37:37,967 ERROR [DefaultCommandHandler-Thread-3] ConfigureCertificatesCmd: 21       
        Traceback (most recent call last):       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/yyapi.py", line 322, in _execute       
            result = self._execute_(shell,context,args)       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/AutoBundles/prodscripts.jar/configureCertificates.py", line 148, in _execute_       
            cfgCert.restore()       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/AutoBundles/prodscripts.jar/configureCertificates.py", line 241, in restore       
            self.cleanup()       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/AutoBundles/prodscripts.jar/configureCertificates.py", line 656, in cleanup       
            self._deleteFilesInDir(GlobalVals.DEFAULT_CACERT_LOCATION)       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/AutoBundles/prodscripts.jar/configureCertificates.py", line 675, in _deleteFilesInDir       
            self._removeFile(filePath)       
          File "/opt/emc/VPlex/jython2.7b4/LibExt/AutoBundles/prodscripts.jar/configureCertificates.py", line 652, in _removeFile       
            os.remove(file)       
        OSError: [Errno 21] Is a directory: '/etc/ipsec.d/cacerts/save' 
   
   
          
                                                             

 

 

Cause:

 

 

A manual creation of a folder named 'save' that was created under /etc/ipsec.d/cacerts/ interfered with the checks required for security certificates renewal procedure.                                                           

 

 

Resolution:

 

 

Step 1 : Login to VPLEX management server using the 'service' account credentials.   
        

      login as: service       
        Using keyboard-interactive authentication.       
        Password:       
        service@vplex01:~>
   
   
    Step 2 : Navigate to the path /etc/ipsec.d/cacerts/ and check for a folder called 'save'.   
        
      service@vplex01:~> cd /etc/ipsec.d/cacerts/       
        service@vplex01:/etc/ipsec.d/cacerts> ll save
   
   
    Step 3 : Delete the file with the name 'save'.   
        
      service@vplex01:/etc/ipsec.d/cacerts> rm -rf save   
   
    Step 4: Navigate to the VPlexcli and run the command  'security configure-certificates' again and check if command executed successfully.   
        
      VPlexcli:/> security configure-certificates   
   
    Step 5 : If the command still fails contact Dell-EMC Customer Support and mention this article.                                                           

 

 

Notes:

 

 

Note : Please make sure to delete the old certificates before executing the security configure-certificate command with the command as follows :   
        

       service@vplex01:~> rm /etc/ipsec.d/*/*pem*