Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Register gateway on sync #718

Merged
merged 3 commits into from
Nov 16, 2023
Merged

fix: Register gateway on sync #718

merged 3 commits into from
Nov 16, 2023

Conversation

sdsantos
Copy link
Collaborator

Closes #714

Also fixes 2 issues I found:

  • Certificates weren't deleted if expired, because that method was called after the never-ending public sync method
  • The gateway certificate we received expires after 30 days, and we were always renewing them if the expiration date was less than 90 days (changed to 25 days)

@gnarea
Copy link
Member

gnarea commented Oct 31, 2023
edited
Loading

Thanks!

The PR LGTM but I won't be able to test it today and I want to check a few different scenarios, so I'll approve/merge it tomorrow.

The gateway certificate we received expires after 30 days

Are you sure? I can investigate this tomorrow, but I had a quick check and we're setting it to 6 months, so if the certificate you get expires after 30 days, then that's a bug in the Internet Gateway or the Awala JVM lib... And we shouldn't change that here because it really has to be valid for a few months.

@sdsantos
Copy link
Collaborator Author

The gateway certificate we received expires after 30 days

Are you sure? I can investigate this tomorrow, but I had a quick check and we're setting it to 6 months, so if the certificate you get expires after 30 days, then that's a bug in the Internet Gateway or the Awala JVM lib... And we shouldn't change that here because it really has to be valid for a few months.

Just tested again on a fresh install and the privateNodeCertificate we get back inside the PrivateNodeRegistration is expiring at 2024-01-26T20:56:37Z[Europe/Lisbon].

@gnarea
Copy link
Member

gnarea commented Nov 16, 2023

It's a bug in the Internet Gateway: I wasn't being alerted to the fact that the daily certificate rotation job is failing, so the last certificate that was successfully generated expires on 26th Jan 2024... Which means that all the certificates it issues will have that expiry date too.

So, can you please undo the change you made to renew the certificate every 25 days?

@sdsantos
Copy link
Collaborator Author

@gnarea reverted.

gnarea
gnarea approved these changes Nov 16, 2023
View reviewed changes
Copy link
Member

@gnarea gnarea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@gnarea gnarea added the automerge Allow kodiak to automerge commit when all checks pass label Nov 16, 2023
@kodiakhq kodiakhq bot merged commit 57abf03 into master Nov 16, 2023
5 checks passed
@kodiakhq kodiakhq bot deleted the register-on-sync branch November 16, 2023 16:47
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 1.8.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gnarea gnarea gnarea approved these changes

Assignees
No one assigned
Labels
automerge Allow kodiak to automerge commit when all checks pass released
Projects
None yet
Milestone
No milestone
2 participants
@sdsantos @gnarea