search

faisaltheparttimecoder / tanzu-certificate-exporter

A Prometheus exporter that publishes cert expirations available from the opsman API from all foundatiion
MIT License
3 stars 3 forks source link

Cache issue #6

Open onclebendusud opened 3 years ago

onclebendusud commented 3 years ago

Hi Faisal, we renewed Non-config leaf certs because they were expiring next month. Now on Certificates page (OpsMgr UI) we don't see anymore cf cert as expiring. But on /metrics from Tanzu certificate exporter application there is no update, we still see all certificates as expiring. Apply changes on TAS finished almost 2 hours ago (INTERVAL: 3600). We had the same issue on TA env, and I had to restart the application to update /metrics page. FYI we are using OPSMAN_CLIENT_ID (maybe it's the root cause?). Brgds Benoit

onclebendusud commented 3 years ago

I looked more closely at /metrics page and I see the new certificate but i still see the old ones: configurable="false",env="TLS-PROD",is_ca="false",issuer="",location="credhub",product_guid="cf-f4bf1d8d39dab11084df",property_reference="",valid_from="0001-01-01 00:00:00 +0000 UTC",valid_until="2021-03-12 10:44:25 +0000 UTC",variable_path="/bosh_dns_health_client_tls"} 2.77736776962055e+06 configurable="false",env="TLS-PROD",is_ca="false",issuer="",location="credhub",product_guid="cf-f4bf1d8d39dab11084df",property_reference="",valid_from="0001-01-01 00:00:00 +0000 UTC",valid_until="2022-02-08 06:07:27 +0000 UTC",variable_path="/bosh_dns_health_client_tls"} 3.153194976965983e+07 The problem is Grafana shows the certificate as expiring.

onclebendusud commented 3 years ago

Really strange, if i look for bosh_dns_health_server_tls I see 20 certs on /metrics page 8 are just duplicates with same valid_until values (16 total lines), 4 lines show the new valid_until values. If i look at api/v0/deployed/certificates there are only 8 (one for each product)

faisaltheparttimecoder commented 3 years ago

Hey Benoit,

Thanks for let us know, let me take a look

Thanks