Active certificate alarms are not cleared on the system
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Reinildes Oliveira |
Bug Description
*+Brief Description+*
500.210 oidc-auth-
*+Severity+*
Major
*+Steps to Reproduce+*
1)Create the following issuer
{code:java}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: system-
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cloudplatform-
namespace: kube-system
spec:
secretName: cloudplatform-
commonName: "cloudplatform-
isCA: true
duration: 43800h0m0s
renewBefore: 720h0m0s
issuerRef:
name: system-
kind: ClusterIssuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: cloudplatform-
namespace: kube-system
spec:
ca:
secretName: cloudplatform-
---
{code}
2)request the following cert
{code:java}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: oidc-auth-
namespace: kube-system
spec:
duration: 1h
renewBefore: 55m
secretName: oidc-auth-
dnsNames:
- cgcs-subcloud1.
ipAddresses:
- 2620:10a:
organization:
- MY-System
issuerRef:
name: cloudplatform-
kind: Issuer
{code}
3)verify cert is issued
{code:java}
[sysadmin@
NAME READY SECRET AGE
cloudplatform-
oidc-auth-
{code}
4)now delete the issuer
{code:java}
kubectl delete -f issuer.yaml
{code}
5)also delete the certificate
6)Now system raises the expiring alarm and after sometime the alarm changed to expired alarm.
I expect active alarm audit to run every 1 hr only on alarms that are active in FM system
I waited more than an hour but its not cleared
{code:java}
controller-0:~$ source /etc/platform/
fm a[sysadmin@
+------
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+------
| 500.200 | Certificate namespace=
| | 2022-05-25, 14:58:17 | certificate=
| | | certificate | | |
| | | | | |
+------
[sysadmin@
Wed May 25 14:50:43 UTC 2022
[sysadmin@
+------
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+------
| 500.200 | Certificate namespace=
| | 2022-05-25, 14:58:17 | certificate=
| | | certificate | | |
| | | | | |
+------
[sysadmin@
[sysadmin@
{code}
*+Expected Behavior+*
I expect active alarm audit to run every 1 hr only on alarms that are active in FM system
I waited more than an hour but its not cleared
*+Actual Behavior+*
alarm stays forever
*+Reproducibility+*
100%
*+System Configuration+*
ipv6 standard system
*+Alarms+*
{code:java}
Every 2.0s: fm alarm-list Wed May 25 15:12:18 2022
+------
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+------
| 500.210 | Certificate namespace=
| | | certificate=
| | | certificate | | |
| | | | | |
+------
{code}
*+Test Activity+*
regression
*+Workaround+*
manually delete the alarms
Changed in starlingx: | |
assignee: | nobody → Reinildes Oliveira (rjosemat) |
description: | updated |
tags: | added: stx.7.0 stx.config stx.security |
Changed in starlingx: | |
importance: | Undecided → Medium |
Fix proposed to branch: master /review. opendev. org/c/starlingx /config/ +/845817
Review: https:/