IPv6 Distributed Cloud: new created certificate not sync to subcloud
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Andy |
Bug Description
Brief Description
-----------------
In DC system, created a new certificate on System controller, but the new certificate does not sync to subcloud.
Severity
--------
Major
Steps to Reproduce
------------------
On System Controller
openssl genrsa -out ca-key.pem 2048
openssl req -x509 -new -nodes -key ca-key.pem -days 1024 -out ca-cert.pem -outform PEM
openssl genrsa -out server-key.pem 2048
openssl req -new -key server-key.pem -out server.csr
openssl x509 -req -in server.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server.pem -days 365
vi extfile.cnf
openssl x509 -req -days 365 -in server.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server.pem -extfile extfile.cnf
cat server-key.pem server.pem > server-with-key.pem
system certificate-install -m docker_registry server-with-key.pem
TC-name:
Expected Behavior
------------------
new certificate sync to all in-sync subcloud
Actual Behavior
----------------
Reproducibility
---------------
Seen once
System Configuration
-------
Distributed Cloud system
Lab-name:
Branch/Pull Time/Commit
-------
2019-11-02_08-39-54
Last Pass
---------
Timestamp/Logs
--------------
System Controller:
updated_at | 2019-11-
+------
[sysadmin@
+----+-
| id | name | management | availability | deploy status | sync |
+----+-
| 3 | subcloud6 | managed | online | complete | in-sync |
| 4 | subcloud5 | managed | online | complete | in-sync |
| 5 | subcloud1 | managed | online | complete | in-sync |
| 6 | subcloud4 | managed | online | complete | in-sync |
+----+-
[sysadmin@
[sysadmin@
WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.
+------
| Property | Value |
+------
| uuid | e8f82bd5-
| certtype | docker_registry |
| signature | docker_
| start_date | 2019-11-03 03:13:57+00:00 |
| expiry_date | 2020-11-02 03:13:57+00:00 |
+------
[sysadmin@
+------
| uuid | certtype | expiry_date |
+------
| 63d88610-
| e8f82bd5-
| | istry | |
| | | |
+------
Subcloud6:
[sysadmin@
+------
| uuid | certtype | expiry_date |
+------
| 51cf6ee8-
+------
[sysadmin@
Mon Nov 4 15:03:27 UTC 2019
Test Activity
-------------
Sanity
tags: | added: stx.retestneeded |
Changed in starlingx: | |
status: | Triaged → In Progress |
tags: | removed: stx.retestneeded |
@Andy, Are these certificates supposed to be sync'd to the subclouds?