Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Done
-
23.02, 22.08.7
-
2024-2
Description
cmapi creates a certification , which is valid for one year.
def create_self_signed_certificate():
|
[...]
|
).not_valid_after(
|
datetime.utcnow() + timedelta(days=365) |
If certification is expired, connections not possible anymore,
debug.log and campi log throw many connections errors.
|
|
ConnectionRefusedError: [Errno 111] Connection refused |
|
|
Could not connect to PMS0: Connection refused from PMS0
|
columnstore_review warn:
The certificate /usr/share/columnstore/cmapi/cmapi_server/self-signed.crt for cmapi https is expired. |
Workarround:
delete the certs on the server (or whatever path is defined in cmapi_server.conf)
|
|
|
/usr/share/columnstore/cmapi/self-signed.crt
|
/usr/share/columnstore/cmapi/self-signed.key
|
|
|
and
|
|
|
systemctl restart mariadb-columnstore-cmapi
|
|
|
node per node.
|
cmapi will automatically recreate the certs.
|
- cmapi should check , if certification is expired.
- campi should warn, if a certification will be expire soon.
- Either certification should be postponed automatically
or campi should log this issue clearly.
Maybe the living time of a certification and if cmapi can be automatically entended can be configured in the cmapi configuration file.