Output of show-certs.sh and certificate alarms is not consistent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
ayyappa |
Bug Description
Brief Description
-----------------
The dc certs names in the output of "show-certs.sh" script are not in relation to the cert alarms
Severity
------
Minor - this is a minor inconsistency, but is causing user confusion
Steps to Reproduce
-------------------
Using a system where the DC admin endpoint certificate is nearing expiry, compare the output of the certificate expiry alarm with the output of the "show-certs.sh" script.
show-certs output snippet
DC-AdminEp-Server CERTIFICATE:
------
Renewal : Automatic [Managed by Cert-Manager]
Filename : /etc/ssl/
Subject : CN = 192.168.1.2
Issuer : CN = subcloud1-
Issue Date : Aug 2 13:03:11 2023 GMT
Expiry Date : May 28 13:03:11 2024 GMT
Residual Time : 299d
[sysadmin@
+------
| Alarm | Reason Text | Entity ID | Severity | Time Stamp |
| ID | | | | |
+------
| 500.200 | Certificate namespace=sc-cert, certificate=
| | certificate is expiring soon on 2023-07-21, 06:08:47 | certificate=
| | | certificate | | 089607 |
| | | | | |
+------
In the above two outputs, the names are not consistent
Expected Behavior
----------------
Based on the customer facing team, it needs to be easier for the customer to correlate the output of the two commands. The current output is causing confusion.
Actual Behavior
--------------
The output is still correct, but is displaying different fields and therefore is hard to correlate.
Reproducibility
-------------------
100% Reproducible
System Configuration
------------------
DC systems
Load info (eg: 2022-03-
stx.8.0
Branch/Pull Time/Commit
-------
NA.
Last Pass
--------
N/A Day one config
Timestamp/Logs
------------
NA.
Alarms
------
N/A
Test Activity
--------------
Debugging Request
Workaround
-----------
Not required.
Changed in starlingx: | |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → ayyappa (mantri425) |
description: | updated |
description: | updated |
description: | updated |
tags: | added: stx.tools |
Reviewed: https:/ /review. opendev. org/c/starlingx /utilities/ +/890361 /opendev. org/starlingx/ utilities/ commit/ 95e774f3107b574 48862ed681ad01a 0e7a713cb9
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 95e774f3107b574 48862ed681ad01a 0e7a713cb9
Author: amantri <email address hidden>
Date: Wed Aug 2 16:00:09 2023 -0400
Fix the output of show-certs script to correlate with the alarms
The certificate names in the output of "show-certs.sh" are not
correlated with the corresponding certificate expiry/expired
alarms, this fix addresses this issue.
Test Cases:
namespace, cert names in the output for admin-ep certs
namespace, cert names in the output for admin-ep certs
"cm- cert-manager- webhook- ca" secret the renewal shows as
PASS: Run the "show-certs.sh" on systemcontroller and verify the
PASS: Run the "show-certs.sh" on subcloud and verify the
PASS: Run the "show-certs.sh" on standalone and verify it works
as expected
PASS: Run the "show-certs.sh" and verify that "registry.local"
changed to "docker_registry" to corelate with the alarm
PASS: Run "show-certs.sh" script without -k and verify the
filename is shown for ldap,ssl and docker-registry certs
PASS: Run "show-certs.sh" with -k and verify namespace/secret
name is shown in the output
PASS: Run "show-cert.sh -k" and verify in the output that for
"Auto renewal"
Closes-bug: 2029412
Change-Id: Icf08493f19bf52 9101488a8b5fa42 78ed9b325fc
Signed-off-by: amantri <email address hidden>