Old etcd certs/keys are copied when standby controller is lock/unlocked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Andy |
Bug Description
Brief Description
-----------------
When standby controller is locked then unlocked, the etcd certs/keys in /opt/platform/
Severity
--------
Critical (if the certs in /opt/platform/
Steps to Reproduce
------------------
- Generate and replace etcd certs/keys with validation time shorter than 15 days.
- Wait until /usr/bin/
- Lock and then unlock standby controller
- Check certs/keys in /etc/etcd directory on standby controller
Expected Behavior
------------------
/etc/etcd contains the newly rotated certs/keys
Actual Behavior
----------------
/etc/etcd contains the certs/keys before rotation (copies from /opt/platform/
Reproducibility
---------------
100% reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
STX master
Last Pass
---------
Unknown
Timestamp/Logs
--------------
Reference to "Steps to Reproduce"
Test Activity
-------------
Developer Testing
Workaround
----------
Manually copy the newly rotated certs/keys from active controller.
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
importance: | Undecided → High |
tags: | added: stx.9.0 stx.security |
Fix proposed to branch: master /review. opendev. org/c/starlingx /config/ +/882095
Review: https:/