Bug 1257981

Summary: [engine] already expired engine cert is detected as about to expire
Product: Red Hat Enterprise Virtualization Manager Reporter: Jiri Belka <jbelka>
Component: ovirt-engineAssignee: Moti Asayag <masayag>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: high    
Version: 3.6.0CC: gklein, lsurette, pstehlik, rbalakri, Rhev-m-bugs, srevivo, ykaul
Target Milestone: ovirt-3.6.0-rc   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 3.6.0-12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-20 01:26:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
engine.log none

Description Jiri Belka 2015-08-28 14:23:34 UTC 
Created attachment 1068041 [details]
engine.log

Description of problem:
It seems there's contra-login in comparison with BZ1257876. This time engine certs is already expired but engine reports it as only about to expire.


2020-08-28 16:03:58,554 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

^^ see date and date in the event msg.

[root@jb-bz1 ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -startdate -enddate -noout
notBefore=Aug 27 11:56:31 2015 GMT
notAfter=Aug  1 11:56:31 2020 GMT
[root@jb-bz1 ~]# date
Fri Aug 28 16:17:59 CEST 2020


Version-Release number of selected component (if applicable):
rhevm-backend-3.6.0-0.12.master.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. engine-setup and stop ovirt-engine, postgresql (disable ntpd, stop ntpd)
2. check when engine cert expires and change date after 'notAfter' of the engine cert
3. start engine and wait for event msg

Actual results:
oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

Expected results:
oVirt-engine's certification has expired at 2020-08-01. Please renew the engine's certification.

Additional info:
Comment 1 Jiri Belka 2015-09-17 07:57:57 UTC 
ok, rhevm-backend-3.6.0-0.15.master.el6.noarch

  > current date: 2015-09-21
  > expire date:  2015-09-20

(OK) 2015-09-21 12:25:18,977 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Messag\
e: oVirt-engine's certification has expired at 2015-09-20. Please renew the engine's certification.

(There's discussion in BZ1263697 if wording 'has expired' is the best one.)