Recovery documentation #5796
Comments
Is removing |
The agent won't connect in that case too...
|
For the agent, the trust bundle seems to be in I deleted |
Was it stuck in a crash loop with this error? That sounds more like a bug. Do you happen to have the rest of the logs? |
I think so, but it was long enough ago that I don't want to say for sure. Basically, I had a spire-server I left offline for long enough that all its CAs expired. Should be able to reproduce by starting up a new spire-server with an extremely short CA time, then shutting it off for a little bit until they expire, then starting it back up. |
If you could manage to reproduce this again and provide us logs and/or details of how to reproduce it (definitely configuration and if possible steps), that would be greatly appreciated. Did this happen in a nested deployment? Maybe if upstream is unavailable when downstream restarts this would happen. Generic documentation on recovery is likely going to be hard to have, since a lot of it depends on specific configurations. Maybe we can start with a troubleshooting/FAQ doc and see how it goes from there. There are definitely some repeating questions on Slack; it would be nice to be able to point people somewhere. |
Nothing complicated or unexpected.... No nesting, no federation. I downloaded a version of spire a while ago to my laptop. Started it, had it working. When done, I shut it down. Next time I started it back up (weeks later), it failed to start as all its CAs had expired while it was shut down. This is something that could happen to others, so I was curious how to recover from this situation, as I hadn't found documentation on it, and it will be something others will need too if it ever happens to them. |
I tried to reproduce this by setting
It likely depends a lot on the configuration, though. Do you happen to have the configuration for spire server at the time (e.g. KeyManager and/or UpstreamAuthority plugins)? |
I think it was probably:
|
I notice a version number in your config, 1.7.2. Does that match the version of spire-server? |
If your server is down for too long, how do you recover?
The server does not start with something like: