Open Cryptophobia opened 6 years ago
From @deis-admin on January 19, 2017 23:43
From @benwilber on September 16, 2015 0:35
@msull92 can you try replacing the spaces with %20
edit:
with etcdctl
you should be able to remove /deis/certs/<common name>/cert
and /deis/certs/<common name>/key
replace spaces in <common name>
with %20
.
This is definitely a bug that deis
controller doesn't url escape keys (even though etcd
itself does.) deis
controller itself can't write url-escaped keys because then they'll be double-escaped by etcd
.
From @deis-admin on January 19, 2017 23:43
From @msull92 on September 16, 2015 14:57
I would love to do that, but it's not even showing up in etcdctl, see below:
Yet it still shows up with the client call.
From @deis-admin on January 19, 2017 23:43
From @msull92 on September 16, 2015 14:57
@benwilber forgot to tag you
From @deis-admin on January 19, 2017 23:43
From @carmstrong on September 16, 2015 15:9
@msull92 It looks like the certificate has been cleared from etcd (and thus shouldn't be served any longer by the router), but is still there in our database.
Do you see an error when you try to delete it? If you could also paste the logs from the controller component when you try to delete the certificate, that'd be helpful. Thanks!
From @deis-admin on January 19, 2017 23:43
From @msull92 on September 16, 2015 15:44
@carmstrong
This causes the log below.
From @deis-admin on January 19, 2017 23:43
From @msull92 on October 21, 2015 5:9
This has since caused an issue with restarting the controller because it tries to load in the certs from the database into etcd and fails because that cert causes an error. So others can find this later I will attach the stack trace.
Traceback (most recent call last):
File "./manage.py", line 13, in <module>
execute_from_command_line(sys.argv)
File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 399, in execute_from_command_line
utility.execute()
File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 242, in run_from_argv
self.execute(*args, **options.__dict__)
File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 285, in execute
output = self.handle(*args, **options)
File "/app/api/management/commands/load_db_state_to_etcd.py", line 15, in handle
obj.save()
File "/app/api/models.py", line 1049, in save
return super(Certificate, self).save(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 545, in save
force_update=force_update, update_fields=update_fields)
File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 582, in save_base
update_fields=update_fields, raw=raw, using=using)
File "/usr/lib/python2.7/site-packages/django/dispatch/dispatcher.py", line 185, in send
response = receiver(signal=self, sender=sender, **named)
File "/app/api/models.py", line 1166, in _etcd_publish_cert
_etcd_client.write('/deis/certs/{}/cert'.format(cert), cert.certificate)
File "/usr/lib/python2.7/site-packages/etcd/client.py", line 269, in write
response = self.api_execute(path, method, params=params)
File "/usr/lib/python2.7/site-packages/etcd/client.py", line 582, in api_execute
return self._handle_server_response(response)
File "/usr/lib/python2.7/site-packages/etcd/client.py", line 600, in _handle_server_response
raise etcd.EtcdException(resp)
etcd.EtcdException
To fix this, log into the database and remove the offending cert from the api_certificate
table.
Note: Not sure if it will matter, but just for completeness; I am running a stateless platform on AWS. v1.11.1
From @deis-admin on January 19, 2017 23:43
From @msull92 on September 15, 2015 18:14
I am having an issue removing an ssl certificate from an application where the certificate's common name has spaces in it. Is there a way to manually remove this using etcdctl?
Copied from original issue: deis/deis#4487
Copied from original issue: deis/controller#1225