Status: New
Owner: ----
New issue 942 by [email protected]: Cluster verify not warning about 30d
SSL cert expiration
https://code.google.com/p/ganeti/issues/detail?id=942
What software version are you running? Please provide the output
of "gnt-cluster --version", "gnt-cluster version", and "hspace --version".
$ gnt-cluster --version
gnt-cluster (ganeti v2.10.1) 2.10.1
$ hspace --version
hspace (ganeti) version v2.10.1
compiled with ghc 7.4
running on linux x86_64
What distribution are you using?
Ubuntu Precise
What steps will reproduce the problem?
Have a SSL certificate that expires in 20 days.
gnt-cluster verify does not produce a warning or error.
gnt-cluster verify will produce an error once the certificate expires in 7d.
What is the expected output? What do you see instead?
gnt-cluster verify should produce a warning stating that the certificate
will expire in about 30 days.
Our logs indicate that cluster verify started showing ECLUSTERCERT only
within 7 days of expiration:
# cd/srv/ganeti/info/CLUSTERNAME
# cat 2014-08-*/verify | grep rapi.pem
Thu Aug 28 16:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Thu Aug 28 20:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Fri Aug 29 00:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Fri Aug 29 04:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Fri Aug 29 08:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Fri Aug 29 12:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 7 days
Fri Aug 29 16:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Fri Aug 29 20:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Sat Aug 30 00:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Sat Aug 30 04:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Sat Aug 30 08:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Sat Aug 30 12:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 6 days
Sat Aug 30 16:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sat Aug 30 20:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sun Aug 31 00:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sun Aug 31 04:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sun Aug 31 08:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sun Aug 31 12:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 5 days
Sun Aug 31 16:09:05 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 4 days
Sun Aug 31 20:09:04 2014 - WARNING:ECLUSTERCERT:cluster:None:While
verifying /var/lib/ganeti/rapi.pem: Certificate expires in about 4 days
This appears to be a bug since Constants.hs defines sslCertExpirationWarn
as 30 (days) and sslCertExpirationError as 7 (days)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
