On Wed, Jan 04, 2017 at 06:16:54PM +0100, Marco Gaiarin wrote: > > In a cluster of 5 PVE servers i receive, from ony one of that, logs > like: > Jan 4 17:02:52 thor pveproxy[58010]: Clearing outdated entries from > certificate cache > > before christmas, i get the same line from another server in the same > cluster (the last row): > Dec 23 09:56:28 hulk pveproxy[39515]: Clearing outdated entries from > certificate cache > > Cluster works as expected. > > > I have to be afraid for? Thanks. >
no need to be afraid. we recently introduced certificate pinning for the inter cluster proxying of API requests. to reduce the load, we cache the certificate fingerprints loaded from /etc/pve/nodes/NODE/.. , and clear the cache every 30 minutes to remove potentially stale entries (we already remove the old cached fingerprint of a node if we find a new cert when updating, which happens for example on a mismatch, so this is mainly for stuff like deleted nodes). since the cache has been live from some time now (end of november in git), and there don't seem to be any problems, maybe we can remove that log line (or demote it to a lower log level?). in retrospect I have to agree that it might sound a bit strange without having the background knowledge ;) _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
