Dell NativeEdge: ECE Agent CSR Signing Fails Cluster Creation

Summary: During HA cluster creation, the ECE agent is required to sign a Certificate Signing Request (CSR) using HTTPS against the mTLS Orchestrator endpoint. In affected versions, the CSR signing logic performed only a single attempt with no retry capability. A single transient TCP timeout—often caused by short‑lived HAProxy instability—would immediately fail CSR signing on one node, resulting in entire HA cluster creation failure and triggering full cleanup. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Symptom

  • HA cluster creation fails unexpectedly
  • Error reported as CLUSTER_PROVISIONING_FAILED
  • Cluster cleanup is triggered automatically
  • Failure is intermittent and difficult to reproduce manually

Typical error observed:

dial tcp <haproxy-ip>:443: connect: connection timed out
Failed to sign CSR and get a signed certificate

Impact

  • A single transient network issue on any node stops the full multi‑node cluster creation
  • Repeated reruns are required even though the underlying infrastructure is healthy

Failure Scenario Example

In a 3‑node HA cluster:

  • Two nodes successfully signed CSR within seconds
  • One node experienced a transient TCP timeout
  • No retry was attempted
  • Cluster creation failed entirely
  • Cleanup was triggered across all nodes 
 

Cause

Primary Cause

  • ECE agent CSR signing had no retry logic
  • Only one HTTPS POST was attempted to the orchestrator certificate API
  • Any transient TCP issue caused immediate failure

Contributing Factors

  • Shared HAProxy experienced:
    • Frequent reloads
    • Hard‑stop events
    • Mass SSL connection termination
  • CSR signing was not resilient to:
    • TCP timeouts
    • Connection resets
    • Temporary DNS issues

Resolution

There is no workaround other than Retry cluster creation.

The fix will be in the next NativeEdge release.

Affected Products

NativeEdge Solutions
Article Properties
Article Number: 000450913
Article Type: Solution
Last Modified: 06 ذو القعدة 1447
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.