Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development
19
stars
8
forks
source link
As an X-Road operator I want there is an option to disable signer not to try to fetch the OCSP responses in a case of Configuration Proxy and Central Server so that logs are not filled with non-relative messages #121
Problem
Signer is trying to fetch the OCSP responses when it operates in Configuration Proxy and Central Server. These operations are giving error messages into signer.log and the log is filled with non-relative error in vain. Errors are caused by the reason that the global configuration structure is different than is expected by the signer. However, signer in Configuration Proxy (and in Central Server) does not need to fetch the OCSP responses (there is no need for OCSP responses). So the fetching of OCSP responses can be disabled by an option.
As a result of this issue, a new parameter is created to enable/disable signer OCSP response fetching.
See the below snippet what kind of error messages are created by signer when operating in Configuration Proxy:
/var/log/xroad/signer.log.
2017-01-30 09:42:54,989 INFO [Signer-akka.actor.default-dispatcher-193] e.r.x.c.c.g.ConfigurationDirectoryV2 - /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml expired on 2017-01-27T13:36:02.000+02:00
2017-01-30 09:42:54,989 WARN [Signer-akka.actor.default-dispatcher-193] e.r.x.c.c.globalconf.GlobalConfImpl - Global configuration is invalid: {}
ee.ria.xroad.common.CodedException: OutdatedGlobalConf: /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml is too old
...
2017-01-30 09:42:54,989 INFO [Signer-akka.actor.default-dispatcher-192] ee.ria.xroad.signer.OcspClientJob - OCSP-response refresh cycle failed due to invalid global configuration, switching to global configuration recovery schedule
2017-01-30 09:43:49,666 INFO [Signer-akka.actor.default-dispatcher-196] e.r.x.c.c.g.ConfigurationDirectoryV2 - /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml expired on 2017-01-27T13:36:02.000+02:00
2017-01-30 09:43:49,671 WARN [Signer-akka.actor.default-dispatcher-196] e.r.x.c.c.globalconf.GlobalConfImpl - Global configuration is invalid: {} `
Acceptance criteria
New parameter is created to enable/disable signer OCSP response fetching in Configuration Proxy and Central #Server
hanhaka
commented
7 years ago
Affected components: signer Affected documentation: ug-syspar_x-road_v6_system_parameters.md Estimated delivery: Q2/2017 External reference: https://jira.csc.fi/browse/PVAYLADEV-685
Problem Signer is trying to fetch the OCSP responses when it operates in Configuration Proxy and Central Server. These operations are giving error messages into signer.log and the log is filled with non-relative error in vain. Errors are caused by the reason that the global configuration structure is different than is expected by the signer. However, signer in Configuration Proxy (and in Central Server) does not need to fetch the OCSP responses (there is no need for OCSP responses). So the fetching of OCSP responses can be disabled by an option.
As a result of this issue, a new parameter is created to enable/disable signer OCSP response fetching.
See the below snippet what kind of error messages are created by signer when operating in Configuration Proxy:
/var/log/xroad/signer.log.
2017-01-30 09:42:54,989 INFO [Signer-akka.actor.default-dispatcher-193] e.r.x.c.c.g.ConfigurationDirectoryV2 - /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml expired on 2017-01-27T13:36:02.000+02:00 2017-01-30 09:42:54,989 WARN [Signer-akka.actor.default-dispatcher-193] e.r.x.c.c.globalconf.GlobalConfImpl - Global configuration is invalid: {} ee.ria.xroad.common.CodedException: OutdatedGlobalConf: /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml is too old ... 2017-01-30 09:42:54,989 INFO [Signer-akka.actor.default-dispatcher-192] ee.ria.xroad.signer.OcspClientJob - OCSP-response refresh cycle failed due to invalid global configuration, switching to global configuration recovery schedule 2017-01-30 09:43:49,666 INFO [Signer-akka.actor.default-dispatcher-196] e.r.x.c.c.g.ConfigurationDirectoryV2 - /etc/xroad/globalconf/PROXY1/GOF/shared-params.xml expired on 2017-01-27T13:36:02.000+02:00 2017-01-30 09:43:49,671 WARN [Signer-akka.actor.default-dispatcher-196] e.r.x.c.c.globalconf.GlobalConfImpl - Global configuration is invalid: {} `
Acceptance criteria