Bug 1895607
Summary: | certificates are regenerated only when crt is missing. | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Jeff Cantrill <jcantril> | |
Component: | Logging | Assignee: | Jeff Cantrill <jcantril> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Anping Li <anli> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 4.5 | CC: | anli, aos-bugs, dahernan, gparente, jcantril, jeder, ocasalsa, periklis, qitang, rrackow, syedriko, vlaad | |
Target Milestone: | --- | Keywords: | ServiceDeliveryImpact | |
Target Release: | 4.6.z | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | logging-core | |||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause: Certificates are stored in a temporary location and are not kept across invocations of the operator. Additionally, multiple threads can access the same code paths, leading to possible inconsistencies in certificate generation.
Consequence: The various nodes of the ES log store may be restarted with different certificates. Additionally, there are times when the collector may not be able to write to the log store because of a mismatch in certs.
Fix: Provide additional log messages and checks to determine whether certificates need to be regenerated, and introduce a mutex to ensure single-threaded execution. Additionally, all generated certs are stored in and fetched from the master cert secret.
Result: Generated certificates are consistently read from and written to the same source, allowing them to be checked during reconciliation.
|
Story Points: | --- | |
Clone Of: | 1888958 | |||
: | 1915840 (view as bug list) | Environment: | ||
Last Closed: | 2021-01-22 15:28:30 UTC | Type: | --- | |
Bug Depends On: | 1888958 | |||
Bug Blocks: | 1915840 |
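
The fix described in the Doc Text above, sketched as an added example (this is not the operator's own code). `certManager`, `needsRegen` and `Ensure` are hypothetical names, the in-memory map stands in for the master cert secret, and the two checks shown (unparsable data, validity window) are assumptions, since the bug does not list the checks that were added.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"sync"
	"time"
)

// certManager is hypothetical; secret is an in-memory stand-in for the master cert secret.
type certManager struct {
	mu     sync.Mutex
	secret map[string][]byte // the only place certs are read from or written to
}

// needsRegen: assumed checks; missing or corrupt data fails to parse, then the validity window.
func needsRegen(der []byte, now time.Time) bool {
	c, err := x509.ParseCertificate(der)
	return err != nil || now.Before(c.NotBefore) || now.After(c.NotAfter)
}

// Ensure regenerates only when a check fails; the mutex serialises concurrent reconciles.
func (m *certManager) Ensure(name string, now time.Time) ([]byte, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	if cur := m.secret[name]; !needsRegen(cur, now) {
		return cur, nil
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), DNSNames: []string{name},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	if err != nil {
		return nil, err
	}
	m.secret[name] = der // self-signed for brevity; private key storage is omitted here
	return der, nil
}

func main() {
	m := &certManager{secret: map[string][]byte{}}
	if _, err := m.Ensure("elasticsearch", time.Now()); err != nil {
		panic(err)
	}
}
```

Because every caller reads from and writes to the same store under one lock, concurrent reconciles all receive the same certificate instead of each minting its own.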
Comment 3
Anping Li
2020-12-02 06:12:08 UTC
Hello, I can see in the PR [1] that in the latest update (12 days ago) it failed to apply on top of the branch "release-4.5". Is this going to be tried again? Regards, Oscar