1257981 – [engine] already expired engine cert is detected as about to expire

Bug 1257981 - [engine] already expired engine cert is detected as about to expire

Summary: [engine] already expired engine cert is detected as about to expire

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-3.6.0-rc
Target Release:	3.6.0
Assignee:	Moti Asayag
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-08-28 14:23 UTC by Jiri Belka
Modified:	2016-04-20 01:26 UTC (History)
CC List:	7 users (show)
Fixed In Version:	3.6.0-12
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-04-20 01:26:21 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
engine.log (75.58 KB, application/x-gzip) 2015-08-28 14:23 UTC, Jiri Belka	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	45689	0	master	MERGED	engine: Log proper log type per expiration event	2020-09-22 15:17:59 UTC
oVirt gerrit	45690	0	ovirt-engine-3.6	MERGED	engine: Log proper log type per expiration event	2020-09-22 15:18:03 UTC

Description Jiri Belka 2015-08-28 14:23:34 UTC

Created attachment 1068041 [details]
engine.log

Description of problem:
It seems there's contra-login in comparison with BZ1257876. This time engine certs is already expired but engine reports it as only about to expire.


2020-08-28 16:03:58,554 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

^^ see date and date in the event msg.

[root@jb-bz1 ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -startdate -enddate -noout
notBefore=Aug 27 11:56:31 2015 GMT
notAfter=Aug  1 11:56:31 2020 GMT
[root@jb-bz1 ~]# date
Fri Aug 28 16:17:59 CEST 2020


Version-Release number of selected component (if applicable):
rhevm-backend-3.6.0-0.12.master.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. engine-setup and stop ovirt-engine, postgresql (disable ntpd, stop ntpd)
2. check when engine cert expires and change date after 'notAfter' of the engine cert
3. start engine and wait for event msg

Actual results:
oVirt-engine's certification is about to expire at 2020-08-01. Please renew the engine's certification.

Expected results:
oVirt-engine's certification has expired at 2020-08-01. Please renew the engine's certification.

Additional info:

Comment 1 Jiri Belka 2015-09-17 07:57:57 UTC

ok, rhevm-backend-3.6.0-0.15.master.el6.noarch

  > current date: 2015-09-21
  > expire date:  2015-09-20

(OK) 2015-09-21 12:25:18,977 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-12) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Messag\
e: oVirt-engine's certification has expired at 2015-09-20. Please renew the engine's certification.

(There's discussion in BZ1263697 if wording 'has expired' is the best one.)

Note You need to log in before you can comment on or make changes to this bug.