Project

General

Profile

Actions

Bug #19078

closed

It's extremely difficult for an user to know there's a problem with root certificates

Added by François ARMAND over 3 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
N/A
Category:
System integration
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

We had a case very hard to diagnose on gitter: https://gitter.im/normation/rudder?at=60589649bc554b42d6180756 (and related comments).

The problem was that there was an inconsistency between the root server private key and certificate because of a partial backup restauration (the user wasn't aware of that either).

This is typically the example of thing that should be checked in the healthcheck:

- it's a rare occurence, so neither users nor rudder dev think to it first hand,
- the debugin is not easy, it needs to analyse logs, see that there is some openssl errors that matters, etc
- documentation won't help: of course private and public key must match. And of course a backup should not be partial.

But it's something easy to check automatically, since it's an invariant, one of these truth that must hold at all time.
(and the check by itself should be easy enought, we just need to check that the private/public keys/certificates matches (https://stackoverflow.com/questions/49426844/how-to-validate-a-public-and-private-key-pair-in-java))

Actions #1

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.5 to 6.2.6
Actions #2

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.6 to 6.2.7
Actions #3

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.7 to 6.2.8
Actions #4

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.8 to 6.2.9
  • Priority changed from 80 to 77
Actions #5

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.9 to 6.2.10
Actions #6

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.10 to 6.2.11
  • Priority changed from 77 to 75
Actions #7

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.2.11 to 6.2.12
  • Priority changed from 75 to 72
Actions #8

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 6.2.12 to 6.2.13
  • Priority changed from 72 to 71
Actions #9

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.13 to 6.2.14
  • Priority changed from 71 to 67
Actions #10

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.14 to 6.2.15
Actions #11

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.2.15 to 6.2.16
Actions #12

Updated by Alexis Mousset over 2 years ago

  • Target version changed from 6.2.16 to 6.2.17
Actions #13

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 6.2.17 to 997
  • Priority changed from 67 to 0
Actions #14

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 997 to 6.2.18
Actions #15

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 6.2.18 to 6.2.19
Actions #16

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 6.2.19 to 6.2.20
Actions #17

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 6.2.20 to old 6.2 issues to relocate
Actions #18

Updated by Alexis Mousset over 1 year ago

  • Subject changed from It's extremelly difficult for an user to know there's a problem with root certificates to It's extremely difficult for an user to know there's a problem with root certificates
  • Regression set to No
Actions #19

Updated by Alexis Mousset over 1 year ago

It's now done by rudder agent check

Actions #20

Updated by Alexis Mousset over 1 year ago

  • Status changed from New to Resolved
Actions

Also available in: Atom PDF