[
https://issues.apache.org/jira/browse/HDDS-9042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth updated HDDS-9042:
-------------------------------
Parent: HDDS-7332
Issue Type: Sub-task (was: Bug)
> [ozone-cert-rotation][ozone] Multiple InternalCA were created
> -------------------------------------------------------------
>
> Key: HDDS-9042
> URL: https://issues.apache.org/jira/browse/HDDS-9042
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: Ozone Manager
> Affects Versions: 1.4.0
> Reporter: Soumitra Sulav
> Priority: Critical
> Labels: pki
> Fix For: 1.4.0
>
>
> Below configs were used.
> {code:java}
> <property><name>hdds.x509.max.duration</name><value>P5D</value></property><property><name>hdds.x509.default.duration</name><value>PT1H</value></property><property><name>hdds.x509.renew.grace.duration</name><value>PT50M</value></property><property><name>hdds.x509.ca.rotation.check.interval</name><value>PT30M</value></property><property><name>hdds.block.token.expiry.time</name><value>15m</value></property><property><name>ozone.manager.delegation.token.renew-interval</name><value>15m</value></property><property><name>ozone.manager.delegation.token.max-lifetime</name><value>30m</value></property>
> {code}
> Based on the above config, every 10 minutes new config will be generated.
> *Observation (E.g. om) :*
> * There were some delays in a few of the certificate generation.
> * Multiple certificates generated at the same time with the same expiry and
> same CN (different Sl. No.)
> {code:java}
> 54179279105237591 Wed Jul 19 15:29:58 UTC 2023 Wed Jul 19 16:29:58 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54179872955682725 Wed Jul 19 15:39:51 UTC 2023 Wed Jul 19 16:39:51 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54179875311720227 Wed Jul 19 15:39:54 UTC 2023 Wed Jul 19 16:39:54 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54179879754295550 Wed Jul 19 15:39:58 UTC 2023 Wed Jul 19 16:39:58 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54180872472759626 Wed Jul 19 15:56:31 UTC 2023 Wed Jul 19 16:56:31 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54180875391421145 Wed Jul 19 15:56:34 UTC 2023 Wed Jul 19 16:56:34 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54180879428435773 Wed Jul 19 15:56:38 UTC 2023 Wed Jul 19 16:56:38 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54181805046269983 Wed Jul 19 16:12:03 UTC 2023 Wed Jul 19 17:12:03 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54181807590705776 Wed Jul 19 16:12:06 UTC 2023 Wed Jul 19 17:12:06 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54181807732629049 Wed Jul 19 16:12:06 UTC 2023 Wed Jul 19 17:12:06 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54181810223644744 Wed Jul 19 16:12:09 UTC 2023 Wed Jul 19 17:12:09 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> 54181810247901998 Wed Jul 19 16:12:09 UTC 2023 Wed Jul 19 17:12:09 UTC 2023
>
> [email protected],OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
>
> CN=scm-sub-54179249046570...@quasar-hkdejw-1.quasar-hkdejw.root.hwx.site,OU=45e34b55-8f7a-4cd6-8a3d-bd5eab2a77ea,O=CID-dc676dc7-03ab-4995-a62d-5846f54b2188
> {code}
> Live Cluster stopped to preserve the state :
> https://quasar-hkdejw-1.quasar-hkdejw.root.hwx.site:7183/cmf/services/1546335626/config#q=safety
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
