Restore with expired certificates fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Virginia Martins Perozim |
Bug Description
Brief Description
-----------------
If the backup is taken and the certs are expired or expiring before the restore the restore fails and cannot be recovered. The step that fails is 'system certificate-
Severity
--------
Major
Steps to Reproduce
------------------
1) Create an CA that will expire in a short timeframe
2) Wait for the CA to expire
3) Perform a backup
4) Follow the procedures to restore the system.
Expected Behavior
------------------
If certificates are expired the restore should not fail and if the certificates expire a restart of restore would be possible.
Actual Behavior
----------------
Restore is failing and there is no way to recover.
Reproducibility
---------------
100% reproducible.
System Configuration
-------
One node system.
Branch/Pull Time/Commit
-------
master
Last Pass
---------
-
Timestamp/Logs
--------------
TASK [bootstrap/
Saturday 06 August 2022 13:28:42 +0000 (0:00:00.175) 0:10:28.546 *******
fatal: [localhost]: FAILED! => changed=true
cmd: source /etc/platform/
delta: '0:00:02.533496'
end: '2022-08-06 13:28:45.665924'
msg: non-zero return code
rc: 1
start: '2022-08-06 13:28:43.132428'
stderr: 'Certificate /tmp/ca-cert.pem not installed: certificate is not valid before 2022-08-04 21:13:50 nor after 2022-08-05 21:13:50'
stderr_lines:
- 'Certificate /tmp/ca-cert.pem not installed: certificate is not valid before 2022-08-04 21:13:50 nor after 2022-08-05 21:13:50'
stdout: |-
WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.
stdout_lines: <omitted>
Test Activity
-------------
B&R.
Workaround
----------
-
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.8.0 stx.update |
Changed in starlingx: | |
assignee: | nobody → Virginia Martins Perozim (vmperozim) |
tags: |
added: stx.9.0 removed: stx.8.0 |
Fix proposed to branch: master /review. opendev. org/c/starlingx /ansible- playbooks/ +/852785
Review: https:/