Project

General

Profile

Actions
Copy link

action #165434

closed

OSD SSL certificates not always refreshed within expected time, probably only after system reboots size:S

Added by okurz 3 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
nicksinger
Category:
Regressions/Crashes
Target version:
openQA Project - Ready
Start date:
2024-08-18
Due date:
% Done:

0%

Estimated time:
Tags:
osd, grafana, infra, dehydrated, ssl

Description

Observation

See Screenshot_20240818_115546.png

or live on
https://stats.openqa-monitor.qa.suse.de/d/E9tyiQ17k/ssl-certificate-alerts?orgId=1&from=1712673350510&to=1723974839587&viewPanel=5

it is expected that the SSL certificates are refreshed as visible on the left-hand side so that the validity is always at least 3 weeks. Since around 2024-05-19 it seems that the certificates are not always refreshed as before anyway although we have never ran out of a valid certificate. Today, 2024-08-18, it seems that the certificate validity period decreased to just below the 6 days alerting threshold just before OSD rebooted which seemingly triggered a refresh.

Acceptance criteria

  • AC1: OSD SSL certificates are ensured to refresh consistently well above the alerting threshold

Suggestions

Files

Screenshot_20240818_115546.png (75.9 KB) Screenshot_20240818_115546.png OSD SSL certificates not always refreshed within expected time, probably only after system reboots okurz, 2024-08-18 09:56

Related issues 2 (1 open1 closed)

Related to openQA Infrastructure - action #167458: openqa.oqa.prg2.suse.org SAN validity alertResolvednicksinger

Actions
Copied to openQA Infrastructure - action #169078: dashboard.qam.suse.de SSL certificate not deployed within expiry size:SWorkablerobert.richardson2024-11-29

Actions
Actions
Copy link

Also available in: Atom PDF