Docker "check-in ratelimit" and "not signed by any CA in the whitelist: CA cert"

Node Operators troubleshooting
, ,
1

Hello everyone, I hope not to make a duplicate post

I have installed ubuntu server 20.04 on a bar metal server.

I did the procedure to install a storage node with docker.

So I have :

  • Open my ports on the network
  • Configure the net.core.rmem_max=2500000
  • put my identity which was verified in config/identity/
  • launched the container setup to generate the config.yml and data folder
  • launched the final container to start the storagenode.

I had errors that I tried to correct with “Storage Node Troubleshooting – Storj” but … it’s not enough for solv my error :confused:

ERROR   contact:service ping satellite failed   {"Satellite ID": "XXXXXXXXXXXXXXXXXXXXXXXX", "attempts": 1, "error": "ping satellite: check-in ratelimit: node rate limited by id", "errorVerbose": "ping satellite: check-in ratelimit: node rate limited by id\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:138\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:95\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:92\n\tstorj.io/common/sync2.(*Cycle).Start.func1:71\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:57"}
ERROR   contact:service ping satellite failed   {"Satellite ID": "XXXXXXXXXXXXXXXXXXXXXXXX", "attempts": 3, "error": "ping satellite: failed to dial storage node (ID: XXXXXXXXXXXXXXXXXXXXXXXX) at address my_dynamicDNS/IP:28967: rpc: tls peer certificate verification: not signed by any CA in the whitelist: CA cert", "errorVerbose": "ping satellite: failed to dial storage node (ID: XXXXXXXXXXXXXXXXXXXXXXXX) at address my_dynamicDNS/IP:28967: rpc: tls peer certificate verification: not signed by any CA in the whitelist: CA cert\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:141\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:95\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:92\n\tstorj.io/common/sync2.(*Cycle).Start.func1:71\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:57"}
2

Hello @ereziix ,
Welcome to the forum!

Your identity is not signed: Identity - Node Operator
Please, do that:

3

Thanks @Alexey :slight_smile:

If y try too re-signed i have this message :

2021/08/08 20:22:33 proto: duplicate proto type registered: node.SigningRequest
2021/08/08 20:22:33 proto: duplicate proto type registered: node.SigningResponse
Error: certificates peer error: authorization already claimed

My return command (for check) are well (2 and 3)

4

Please, check it from the docker:

docker exec -it storagenode grep -c BEGIN identity/ca.cert

docker exec -it storagenode grep -c BEGIN identity/identity.cert

Then please, show result of the command:

docker inspect storagenode -f '{{.Mounts}}'
5

My result :

root@pm-docker01-prd:/var/log# docker exec -it storagenode grep -c BEGIN identity/ca.cert
2
root@pm-docker01-prd:/var/log# docker exec -it storagenode grep -c BEGIN identity/identity.cert
2
root@pm-docker01-prd:/var/log# docker inspect storagenode -f '{{.Mounts}}'
[{bind  /root/storj/data /app/config   true rprivate} {bind  /root/storj/config/identity /app/identity   true rprivate}]

i dont know why i have only 2 cert in my container :upside_down_face:

My identity folder :

-rw-r--r-- 1 root root  241 Aug  7 19:26 identity.key
-rw-r--r-- 1 root root 1096 Aug  7 19:26 identity.cert
-rw-r--r-- 1 root root 1096 Aug  7 19:26 identity.1234.cert
-rw-r--r-- 1 root root  241 Aug  7 19:26 ca.key
-rw-r--r-- 1 root root 1088 Aug  7 19:26 ca.cert
-rw-r--r-- 1 root root  558 Aug  7 19:26 ca.1234.cert
6

Then I would recommend to take the identity from the backup and sign it with a new authorization token or perhaps copy the ~/.local/share/storj/identity/storagenode over /root/storj/config/identity one more time, then restart the container.

7

Do you have a documentation to do this action?

8

Yes. Identity - Node Operator
The backup in particular: Identity - Node Operator and copy/move to the disk: Identity - Node Operator
You just somewhere made a mistake or skipped something, that’s ok for the new node. In worst case you would need to re-create it.
The authorization token can be used once - yours already claimed, so you need to request a new one, if your backed up identity is not signed.

If you mean how to copy over, then it’s simply:

echo $HOME

then use the output of the previous command instead of SOURCE in this command:

sudo cp SOURCE/.local/share/storj/identity/storagenode/* /root/storj/config/identity/
9

I didn’t quite understand what you were asking me. So I recreated via a new mail. My node is online.

I did the same operation before, it’s strange. My other identities are definitely lost ?

10

I asked copy over /root/storj/config/identity/ the identity, which you measured as 2 and 3 here

if you did not change the path in the checking commands, then you probably have the normally signed identity in ~/.local/share/storj/identity/storagenode and you can just copy it over /root/storj/config/identity/, which was broken:

The other way - is to copy from backup and sign again with a new authorization token (you can use the same email, it doesn’t matter).

Now I’m not understand. What other identities?

11

I create identiry and sign from other machine. i juste backup and push all key and cert on my docker machine.

For other identities, a create 3 identities with 3 mail. of which only one works

12

The email doesn’t matter. It’s just part of the token and should be valid to receive that token :slight_smile:
Using the token is burning it, so you cannot use the same token more than once.

13

OK thanks a lot for your help :slight_smile:

1 Like