Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node failed to run because of X.509 certificate error #9133

Open
amnonh opened this issue Nov 5, 2024 · 2 comments · May be fixed by #9219
Open

Node failed to run because of X.509 certificate error #9133

amnonh opened this issue Nov 5, 2024 · 2 comments · May be fixed by #9219
Assignees
@dimakr

Comments

@amnonh
Copy link
Contributor

amnonh commented Nov 5, 2024

Test: https://jenkins.scylladb.com/job/scylla-staging/job/amnon/job/longevity-100gb-4h-test/9/ failed

The reason, a node failed with the following error:
11:26:16 2024-11-05T09:20:31.616+00:00 longevity-100gb-4h-allow-pr-db-node-9fdeb40d-5 !ERR | scylla[6924]: [shard 0:main] init - Startup failed: std::system_error (error GnuTLS:-62, Unknown Subject Alternative name in X.509 certificate.)
@amnonh amnonh removed their assignment Nov 5, 2024
@fruch
Copy link
Contributor

fruch commented Nov 12, 2024

@dimakr

do we have enough logs to investigate this one ?

i.e. printout of each certificate ? to see what we have missing here, and why ?

if not we should introduce those kind of logs, for catching this next time.

@fruch fruch closed this as completed Nov 12, 2024
@fruch fruch reopened this Nov 12, 2024
dimakr added a commit to dimakr/scylla-cluster-tests that referenced this issue Nov 14, 2024
@dimakr
improvement(tls-certs): collect and keep TLS/SSL artifacts
c91d4a2 
Collect TLS/SSL artifacts (server, client certificates; CA certificate; etc.) and
keep them after a test is finished, similarly to how logs are collected and
published.
This will facilitate root cause analysis of SCT failures caused by certificate
related issues.

Closes: scylladb#9133
dimakr added a commit to dimakr/scylla-cluster-tests that referenced this issue Nov 14, 2024
@dimakr
improvement(tls-certs): collect and keep TLS/SSL artifacts
f200dfb 
Collect TLS/SSL artifacts (server, client certificates; CA certificate; etc.) and
keep them after a test is finished, similarly to how logs are collected and
published.
This will facilitate root cause analysis of SCT failures caused by certificate
related issues.

Closes: scylladb#9133
@dimakr dimakr linked a pull request Nov 14, 2024 that will close this issue
Open
3 tasks
@dimakr
Copy link
Contributor

dimakr commented Nov 15, 2024

The reason for the issue is known and the fix #8066 addresses it. But the test was executed from the branch allow_protobu of the https://github.com/amnonh/scylla-cluster-tests SC fork, which misses the fix - the fix was merged on Jul 22 and the branch was synced with upstream on Jul 10.

But to facilitate certificates related issues analysis the PR #9219 introduces a change, so that TLS/SSL artifacts created during a test are collected (and published to Argus).

dimakr added a commit to dimakr/scylla-cluster-tests that referenced this issue Nov 15, 2024
@dimakr
improvement(tls-certs): collect and keep TLS/SSL artifacts
c456e69 
Collect TLS/SSL artifacts (server, client certificates; CA certificate; etc.) and
keep them after a test is finished, similarly to how logs are collected and
published.
This will facilitate root cause analysis of SCT failures caused by certificate
related issues.

Closes: scylladb#9133
dimakr added a commit to dimakr/scylla-cluster-tests that referenced this issue Nov 15, 2024
@dimakr
improvement(tls-certs): collect and keep TLS/SSL artifacts
107b77f 
Collect TLS/SSL artifacts (server, client certificates; CA certificate; etc.) and
keep them after a test is finished, similarly to how logs are collected and
published.
This will facilitate root cause analysis of SCT failures caused by certificate
related issues.

Closes: scylladb#9133
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dimakr dimakr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

improvement(tls-certs): collect and keep TLS/SSL artifacts dimakr/scylla-cluster-tests
3 participants
@fruch @amnonh @dimakr