Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fleet cron might fail to renew device SCEP certificate #19149

Closed
roperzh opened this issue May 20, 2024 · 1 comment
Closed

Fleet cron might fail to renew device SCEP certificate #19149

roperzh opened this issue May 20, 2024 · 1 comment
Labels
bug Something isn't working as documented bug-mac-enrollment Defect in Mac enrollment. ~critical bug This is a critical bug and may require a patch release. #g-mdm MDM product group :incoming New issue in triage process. P1 Prioritize as critical :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Milestone
4.49.4

Comments

@roperzh
Copy link
Member

roperzh commented May 20, 2024

Fleet version: 4.49.3

πŸ’₯ Β Actual behavior

in Dogfood, we never sent a command to renew MDM SCEP certificates to this host

πŸ§‘β€πŸ’» Β Steps to reproduce

  1. Turn on MDM features for a host
  2. Turn off MDM features, uninstall fleetd from the host
  3. Remove the host from the UI
  4. Note how the cron starts failing

πŸ•―οΈ More info (optional)

Error log is:

{
    "cron": "cleanups_then_aggregation",
    "details": "getting host cert associations: get identity certs close to expiry: sql: Scan error on column index 0, name \"host_uuid\": converting NULL to string is unsupported",
    "err": "running job",
    "instanceID": "F4N03+onyERUqS+f2MBKvwMFcPoKDEAOFS1RqqC9IHSe0jVRJaxJKk3qeUV+RVDurPWYsxa+LILuiGkbIn2rjQ==",
    "jobID": "renew_scep_certificates",
    "level": "error",
    "schedule": "cleanups_then_aggregation",
    "ts": "2024-05-20T16:18:22.155422223Z"
}
@roperzh roperzh added bug Something isn't working as documented :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. #g-mdm MDM product group bug-mac-enrollment Defect in Mac enrollment. :incoming New issue in triage process. labels May 20, 2024
@noahtalerman noahtalerman added ~critical bug This is a critical bug and may require a patch release. P1 Prioritize as critical labels May 20, 2024
@roperzh roperzh mentioned this issue May 20, 2024
Merged
3 tasks
roperzh added a commit that referenced this issue May 20, 2024
@roperzh
fix device SCEP renewal cron if a host is deleted (#19158)
7559944 
for #19149
@georgekarrv georgekarrv added this to the 4.49.4 milestone May 20, 2024
georgekarrv pushed a commit that referenced this issue May 20, 2024
@roperzh @georgekarrv
fix device SCEP renewal cron if a host is deleted (#19158)
d625533 
for #19149
@fleet-release
Copy link
Contributor

Fleet cron stumbles,
SCEP renewal fails,
Trust restored with fix.

gillespi314 pushed a commit that referenced this issue May 23, 2024
@roperzh @gillespi314
fix device SCEP renewal cron if a host is deleted (#19158)
6babe5d 
for #19149
@roperzh roperzh mentioned this issue Jun 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working as documented bug-mac-enrollment Defect in Mac enrollment. ~critical bug This is a critical bug and may require a patch release. #g-mdm MDM product group :incoming New issue in triage process. P1 Prioritize as critical :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.
Projects
None yet
Milestone
4.49.4
Development

No branches or pull requests
4 participants
@georgekarrv @roperzh @noahtalerman @fleet-release