Bug 1257981 - [engine] already expired engine cert is detected as about to expire
[engine] already expired engine cert is detected as about to expire
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.6.0
Unspecified Unspecified
high Severity high
: ovirt-3.6.0-rc
: 3.6.0
Assigned To: Moti Asayag
Jiri Belka
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-28 10:23 EDT by Jiri Belka
Modified: 2016-04-19 21:26 EDT (History)
7 users (show)

See Also:
Fixed In Version: 3.6.0-12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-19 21:26:21 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
engine.log (75.58 KB, application/x-gzip)
2015-08-28 10:23 EDT, Jiri Belka
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 45689 master MERGED engine: Log proper log type per expiration event Never
oVirt gerrit 45690 ovirt-engine-3.6 MERGED engine: Log proper log type per expiration event Never

  None (edit)
Description Jiri Belka 2015-08-28 10:23:34 EDT
Created attachment 1068041 [details]
engine.log

Description of problem:
It seems there's contra-login in comparison with BZ1257876. This time engine certs is already expired but engine reports it as only about to expire.


2020-08-28 16:03:58,554 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

^^ see date and date in the event msg.

[root@jb-bz1 ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -startdate -enddate -noout
notBefore=Aug 27 11:56:31 2015 GMT
notAfter=Aug  1 11:56:31 2020 GMT
[root@jb-bz1 ~]# date
Fri Aug 28 16:17:59 CEST 2020


Version-Release number of selected component (if applicable):
rhevm-backend-3.6.0-0.12.master.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. engine-setup and stop ovirt-engine, postgresql (disable ntpd, stop ntpd)
2. check when engine cert expires and change date after 'notAfter' of the engine cert
3. start engine and wait for event msg

Actual results:
oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

Expected results:
oVirt-engine's certification has expired at 2020-08-01. Please renew the engine's certification.

Additional info:
Comment 1 Jiri Belka 2015-09-17 03:57:57 EDT
ok, rhevm-backend-3.6.0-0.15.master.el6.noarch

  > current date: 2015-09-21
  > expire date:  2015-09-20

(OK) 2015-09-21 12:25:18,977 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Messag\
e: oVirt-engine's certification has expired at 2015-09-20. Please renew the engine's certification.

(There's discussion in BZ1263697 if wording 'has expired' is the best one.)

Note You need to log in before you can comment on or make changes to this bug.