2024-03-05 14:32:01 |
ayyappa |
description |
Brief Description
-----------------
Alarm 500.200 is raised before the alarm-before window
Severity
--------
major
Steps to Reproduce
------------------
1)Create a certificate using cert-manager certificate definition using duration 182d12hour and renewbefore
as 14days 2hours
2)just before the 14days an alarm 500.200 is raised on this certificate for few hours since cert-alarm service only considers days while calculating threshold to raise the alarm.
Expected Behavior
------------------
alarm should not be raised before the renew-before time
Actual Behavior
----------------
alarm raised before the renew-before time
Reproducibility
---------------
100%
System Configuration
--------------------
all lab types
stx 8.0
Branch/Pull Time/Commit
-----------------------
na
Last Pass
---------
na
Timestamp/Logs
--------------
na
Test Activity
-------------
debugging request
Workaround
----------
not required |
Brief Description
-----------------
Alarm 500.200 is raised before the alarm-before window
Severity
--------
major
Steps to Reproduce
------------------
Consider the following values for certificate managed by cert-manager
alarm-before = 30days(default value set by system for all certs)
renew-before = 14days 2 hours
duration = 182days 12 hours
since the renew-before < alarm-before, the threshold to raise the alarm is set to 14days, notice the timestamp of alarm in timestamp/logs section "2024-02-28T06:48:16.388415"(the full audit might have triggered which has 24h interval or cert-alarm service restarted from node reboot, lock/unlock) for an alarm that is expiring on "2024-03-13, 23:59:34" the difference is 14days(14 days, 17 hours, 11 minutes and 18 seconds exactly but we only consider days), hence the cert-alarm service started raising this alarm.
And the certificate got renewed around Wed Feb 28 16:51:48 2024(UTC time is 21:51:48) by cert-manager, so when the next hourly audit ran the alarm got cleared.
so user will notice the alarm between Wed feb 28 6:48 to Web feb 28 16:51+next hourly audit scheduled = 12hours approximately on Wed feb 28th
Expected Behavior
------------------
alarm should not be raised before the renew-before time
Actual Behavior
----------------
alarm raised before the renew-before time
Reproducibility
---------------
100%
System Configuration
--------------------
all lab types
stx 8.0
Branch/Pull Time/Commit
-----------------------
na
Last Pass
---------
na
Timestamp/Logs
--------------
~(keystone_admin)]$ fm alarm-list
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-extca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-extca-crt | | 16.388415 |
| | | | | |
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-ca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-ca-crt | | 15.825511 |
| | | | | |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
Test Activity
-------------
debugging request
Workaround
----------
not required |
|
2024-03-05 14:35:39 |
ayyappa |
description |
Brief Description
-----------------
Alarm 500.200 is raised before the alarm-before window
Severity
--------
major
Steps to Reproduce
------------------
Consider the following values for certificate managed by cert-manager
alarm-before = 30days(default value set by system for all certs)
renew-before = 14days 2 hours
duration = 182days 12 hours
since the renew-before < alarm-before, the threshold to raise the alarm is set to 14days, notice the timestamp of alarm in timestamp/logs section "2024-02-28T06:48:16.388415"(the full audit might have triggered which has 24h interval or cert-alarm service restarted from node reboot, lock/unlock) for an alarm that is expiring on "2024-03-13, 23:59:34" the difference is 14days(14 days, 17 hours, 11 minutes and 18 seconds exactly but we only consider days), hence the cert-alarm service started raising this alarm.
And the certificate got renewed around Wed Feb 28 16:51:48 2024(UTC time is 21:51:48) by cert-manager, so when the next hourly audit ran the alarm got cleared.
so user will notice the alarm between Wed feb 28 6:48 to Web feb 28 16:51+next hourly audit scheduled = 12hours approximately on Wed feb 28th
Expected Behavior
------------------
alarm should not be raised before the renew-before time
Actual Behavior
----------------
alarm raised before the renew-before time
Reproducibility
---------------
100%
System Configuration
--------------------
all lab types
stx 8.0
Branch/Pull Time/Commit
-----------------------
na
Last Pass
---------
na
Timestamp/Logs
--------------
~(keystone_admin)]$ fm alarm-list
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-extca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-extca-crt | | 16.388415 |
| | | | | |
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-ca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-ca-crt | | 15.825511 |
| | | | | |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
Test Activity
-------------
debugging request
Workaround
----------
not required |
Brief Description
-----------------
Alarm 500.200 is raised before the alarm-before window
Severity
--------
major
Steps to Reproduce
------------------
Consider the following values for certificate managed by cert-manager
alarm-before = 30days(default value set by system for all certs)
renew-before = 14days 2 hours
duration = 182days 12 hours
since the renew-before < alarm-before, the threshold to raise the alarm is set to 14days(audit only considers days), notice the timestamp of alarm in timestamp/logs section "2024-02-28T06:48:16.388415"(the full audit might have triggered which has 24h interval or cert-alarm service restarted from node reboot, lock/unlock) for an alarm that is expiring on "2024-03-13, 23:59:34" the difference is 14days(14 days, 17 hours, 11 minutes and 18 seconds exactly but we only consider days), hence the cert-alarm service started raising this alarm.
And the certificate got renewed around Wed Feb 28 16:51:48 2024(UTC time is 21:51:48) by cert-manager, so when the next hourly audit ran the alarm got cleared.
so user will notice the alarm between Wed feb 28 6:48 to Web feb 28 16:51+next hourly audit scheduled = 12hours approximately on Wed feb 28th
Expected Behavior
------------------
alarm should not be raised before the renew-before time
Actual Behavior
----------------
alarm raised before the renew-before time
Reproducibility
---------------
100%
System Configuration
--------------------
all lab types
stx 8.0
Branch/Pull Time/Commit
-----------------------
na
Last Pass
---------
na
Timestamp/Logs
--------------
~(keystone_admin)]$ fm alarm-list
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| Alarm ID | Reason Text | Entity ID | Severity | Time Stamp |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-extca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-extca-crt | | 16.388415 |
| | | | | |
| 500.200 | Certificate namespace=monitor, certificate=mon-elastic-services-ca-crt is expiring soon on | namespace=monitor.certificate= | major | 2024-02-28T06:48: |
| | 2024-03-13, 23:59:34 | mon-elastic-services-ca-crt | | 15.825511 |
| | | | | |
+----------+-----------------------------------------------------------------------------------------------+--------------------------------+----------+-------------------+
Test Activity
-------------
debugging request
Workaround
----------
not required |
|