Comment 3 for bug 1430791

Looking at the logs there are at least 2 issues:
1) TLS cert gets regenerated after upgrade, which is a bit surprising but probably expected. What's not expected is the panic while this happens.
2) After machine 0 gets upgraded and restarts, as other machines and units try to reconnect they try calling Login with a tag which the upgraded state server deems invalid and panics (due to missing envUUID most likely). This is definitely wrong - the apiserver should be more resilient towards older (without envUUID) clients trying to connect as well as against random DoS-type attacks with invalid credentials/tags.
Another reason for the second panic could be a missing/not-yet-run upgrade step perhaps?