In debugging a failure of all Airflow jobs running via skein, we found an expired certificate (details below). This seems to have been generated only one-time and probably needs to be puppetized.
(base) btullis@an-launcher1002:/srv/airflow-analytics/.skein$ sudo openssl x509 -in skein.crt -text Certificate: Data: Version: 3 (0x2) Serial Number: 60:82:23:5a:85:63:ab:b4:cb:a4:ab:c0:3b:15:91:7a:be:3e:c1:14 Signature Algorithm: sha256WithRSAEncryption Issuer: CN = skein-internal Validity Not Before: Feb 10 16:52:16 2022 GMT Not After : Feb 10 16:52:16 2023 GMT Subject: CN = skein-internal Subject Ben Tullis6:06 PM (base) btullis@an-launcher1002:/srv/airflow-analytics/.skein$ skein config --help usage: skein config [--help] command ... Manage configuration positional arguments: command gencerts Generate security credentials. Creates a self-signed TLS key/certificate pair for securing Skein communication, and writes it to the skein configuration directory ("~.skein/" by default). optional arguments:
AC:
- skein certificates are managed with Puppet
- certificates are renewed automatically before their expiration date
- alert is raised if certificates are about to expire