Page MenuHomePhabricator
Create Task
Maniphest T209976

puppet still restarts certcentral on config changes instead of reloading it
Closed, ResolvedPublic
Actions

Description

It looks like we failed to fix this behaviour that we've already seen in the past

Nov 20 16:48:24 certcentral1001 systemd[1]: Stopping Central Certificates Service...
Nov 20 16:48:24 certcentral1001 systemd[1]: Stopped Central Certificates Service.
Nov 20 16:48:24 certcentral1001 systemd[1]: Started Central Certificates Service.
Nov 20 16:48:26 certcentral1001 certcentral-backend[3712]: SIGHUP received
Nov 20 16:48:26 certcentral1001 certcentral-backend[3712]: Missing/invalid DNS zone updater CMD timeout, using the default one: 60.00
Nov 20 16:48:26 certcentral1001 certcentral-backend[3712]: Number of certificates per status: Counter({'VALID': 4, 'INITIAL': 2})
Nov 20 16:48:26 certcentral1001 certcentral-backend[3712]: Creating initial self-signed certificate for netbox / ec-prime256v1
Nov 20 16:48:26 certcentral1001 certcentral-backend[3712]: Creating initial self-signed certificate for netbox / rsa-2048
Nov 20 16:48:27 certcentral1001 certcentral-backend[3712]: Starting main loop...
Nov 20 16:48:27 certcentral1001 certcentral-backend[3712]: Handling new certificate event for netbox / ec-prime256v1
[... log continues as expected .... ]

Details

SubjectRepoBranchLines +/-
certcentral: Ensure that the service gets reloaded instead of restartedoperations/puppetproduction+7 -4
Customize query in gerrit

Event Timeline

Vgutierrez created this task.Nov 20 2018, 5:09 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 20 2018, 5:09 PM
Vgutierrez triaged this task as Medium priority.Nov 22 2018, 10:00 AM
gerritbot subscribed.Nov 28 2018, 9:51 AM

Change 476223 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] certcentral: Ensure that the service gets reloaded instead of restarted

https://gerrit.wikimedia.org/r/476223

gerritbot added a project: Patch-For-Review.Nov 28 2018, 9:51 AM
gerritbot added a comment.Nov 28 2018, 10:17 AM

Change 476223 merged by Vgutierrez:
[operations/puppet@production] certcentral: Ensure that the service gets reloaded instead of restarted

https://gerrit.wikimedia.org/r/476223

Vgutierrez closed this task as Resolved.EditedNov 28 2018, 3:01 PM
Vgutierrez claimed this task.
Vgutierrez removed a project: Patch-For-Review.

After applying change 476223 certcentral gets reloaded instead of restarted:

Nov 28 14:59:24 certcentral1001 systemd[1]: Reloading Central Certificates Service.
Nov 28 14:59:24 certcentral1001 certcentral-backend[8314]: SIGHUP received
Nov 28 14:59:24 certcentral1001 systemd[1]: Reloaded Central Certificates Service.
Nov 28 14:59:24 certcentral1001 certcentral-backend[8314]: Missing/invalid DNS zone updater CMD timeout, using the default one: 60.00
Nov 28 14:59:24 certcentral1001 certcentral-backend[8314]: New configured certificates: {'dumps'}
Nov 28 14:59:24 certcentral1001 certcentral-backend[8314]: Number of certificates per status: Counter({'VALID': 14, 'INITIAL': 2})
.....
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL