Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
7.1.0
-
Centos 7 64 bit; CB EE 7.1.0-1707
-
Triaged
-
Centos 64-bit
-
-
1
-
Unknown
Description
Summary
In a mixed mode cluster of nodes:
172.23.105.219 = 6.6.3-9808
172.23.106.237 = 7.1.0-1707
172.23.107.44 = 6.6.3-9808
Making a request to get 219 node's certificate from .237
curl -v -u Administrator:password http://172.23.106.237:8091/pools/default/certificate/node/172.23.105.219:8091
|
returns
Certificate is not set up on this node
|
But it works however if you ask it from a pre-neo node ie;
curl -v -u Administrator:password http://172.23.105.219:8091/pools/default/certificate/node/172.23.105.219:8091
|
works fine
Observations
on .237 error.log
[ns_server:error,2021-11-15T04:06:02.519-08:00,ns_1@172.23.106.237:menelaus_web_cache<0.494.0>:ns_server_cert:trusted_CAs_pre_NEO:722]Node 'ns_1@172.23.105.219' doesn't seem to have node_cert key in ns_config
|
I asked Timofey if users are allowed to do that and he said:
"It should work but it doesn't currently. So strictly speaking this is a bug. But to be hones it will be hard (most likely impossible) to show self-generated certificates for pre-neo nodes on the neo node, because we don't keep it anywhere in ns_config. Probably we can say that it returns info in "new format" for new nodes only. please create a ticket for this scenario"