Project

General

Profile

Actions
Copy link

action #164207

closed

The SAN endpoints on openqa.oqa.prg2.suse.org is nearing expiration

Added by ybonatakis 8 days ago. Updated 8 days ago.

Status:
Resolved
Priority:
High
Assignee:
nicksinger
Category:
Regressions/Crashes
Target version:
openQA Project - Ready
Start date:
2024-07-19
Due date:
% Done:

0%

Estimated time:
Tags:
alert, infra, reactive work

Description

Observation

https://stats.openqa-monitor.qa.suse.de/d/E9tyiQ17k/ssl-certificate-alerts?orgId=1&viewPanel=5

Following the instruction on the alert, I restarted the nginx but the alert might indicate that our salt automation does not cover all service restarts.

Actions
Copy link
 #1

Updated by okurz 8 days ago

  • Target version set to Ready
Actions
Copy link
 #2

Updated by nicksinger 8 days ago

  • Status changed from New to Resolved
  • Assignee set to nicksinger

service could not be restarted because I introduced an syntax error with https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/1228 (related to https://progress.opensuse.org/issues/162038), I reverted this with https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/1231 and confirmed everything is good again:

ยป echo | openssl s_client -connect openqa.suse.de:443 | openssl x509 -noout -text | grep Not
depth=3 C = DE, ST = Franconia, L = Nuremberg, O = SUSE Linux Products GmbH, OU = OPS Services, CN = SUSE Trust Root, emailAddress = rd-adm@suse.de
verify return:1
depth=2 C = DE, ST = Franconia, L = Nuremberg, O = SUSE Linux Products GmbH, OU = OPS Services, CN = SUSE CA Root, emailAddress = rd-adm@suse.de
verify return:1
depth=1 C = DE, ST = Franconia, L = Nuremberg, O = SUSE Linux Products GmbH, OU = OPS Services, CN = SUSE CA all 2023.1, emailAddress = infra@suse.de
verify return:1
depth=0 CN = openqa.oqa.prg2.suse.org
verify return:1
DONE
            Not Before: Jul 18 22:30:41 2024 GMT
            Not After : Aug 17 22:31:41 2024 GMT
Actions
Copy link

Also available in: Atom PDF