Details
-
Bug
-
Resolution: Fixed
-
Test Blocker
-
7.1.0
-
Centos 7 64 bit; CB EE 7.1.0-1274
-
Untriaged
-
Centos 64-bit
-
-
1
-
Yes
Description
Steps to repo
1. Create a 1 node cluster (.215 node)
2. Create 2 root CAs, with the first CA having 2 intermediate certs, and the second just one
spec = {
|
"number_of_CAs": 2, # Total number of trusted CAs to be generated for a cluster
|
"int_certs_per_CA": 1, # Total number of intermediate certs to createper CA
|
"structure": {
|
"r1":
|
{
|
"i": 2
|
},
|
}
|
}
|
3. Copy both CAs to inbox/CA folder on .215 node
4. Generate node certificate from the first intermediate cert of first CA, and copy key & pem to .215 node's inbox folder
[root@sa1709 inbox]# ls
|
CA chain.pem pkey.key
|
|
|
[root@sa1709 inbox]# cd CA
|
|
|
[root@sa1709 CA]# ls
|
r1_ca.pem r2_ca.pem
|
5. loadTrustedCAs
works fine
6. Now, reload node cert
fails with unexpected server error
In error.log
[ns_server:error,2021-09-13T22:26:21.656-07:00,ns_1@cb.local:<0.6339.0>:menelaus_util:reply_server_error:206]Server error during processing: ["web request failed",
|
{path,"/node/controller/reloadCertificate"},
|
{method,'POST'},
|
{type,throw},
|
{what,
|
{invalid_json,
|
{{error,insufficient_data},<<>>}}},
|
{trace,
|
[{ejson,nif_decode,1,
|
[{file,
|
"/home/couchbase/jenkins/workspace/couchbase-server-unix/couchdb/src/ejson/ejson.erl"},
|
{line,45}]},
|
{menelaus_web_cert,
|
handle_reload_node_certificate,1,
|
[{file,"src/menelaus_web_cert.erl"},
|
{line,207}]},
|
{request_throttler,do_request,3,
|
[{file,"src/request_throttler.erl"},
|
{line,58}]},
|
{menelaus_util,handle_request,2,
|
[{file,"src/menelaus_util.erl"},
|
{line,217}]},
|
{mochiweb_http,headers,6,
|
[{file,
|
"/home/couchbase/jenkins/workspace/couchbase-server-unix/couchdb/src/mochiweb/mochiweb_http.erl"},
|
{line,150}]},
|
{proc_lib,init_p_do_apply,3,
|
[{file,"proc_lib.erl"},{line,249}]}]}]
|
Attachments
| For Gerrit Dashboard: MB-48443 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 161623,2 | MB-48443: Treat empty data as no data in GET reloadCert | master | ns_server | Status: MERGED | +2 | +1 |