Date Posted:
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Problem:
Node Manager restarts to load new keystore
Solution:
The Spotfire Node Manager trust certificates are valid for 12 months. Node Manager renews its certificate within a few days of expiration. This will cause the Node Manager to shutdown workers and itself after installing the new certificate. There are lines in server.log about this process but no clear warnings in Web UI. The lines from server.log:
INFO 2018-09-25T00:08:10,171-0600 [] nodemanager.trust.CertificateMonitor: The certificate will expire in a few days.?
DEBUG 2017-09-25T00:08:20,671-0600 [] nodemanager.trust.CertificateMonitor: A new certificate was successfully returned from the server
DEBUG 2017-09-25T00:08:18,171-0600 [] nodemanager.trust.CertificateMonitor: Requesting a certificate renewal
INFO 2018-09-25T00:08:16,171-0600 [] nodemanager.trust.CertificateMonitor: The Node Manager will restart to load the new keystore.
Unexpected restart during work day resulting in lost session could be problematic.
One way to check expiration dates for the certificates is by running the command "config list-certificates -v":
1. Open a command prompt and cd into the "bin" folder of the Spotfire server. "<server install dir>\tomcat\bin"(default C:\tibco\tss\x.x.x\tomcat\bin).
2. In the command prompt run this command without the quotes "config list-certificates -v".
Sample output:
?C:\tibco\tss\7.11.1\tomcat\bin>config list-certificates -v Tool password: * Valid certificates: Subject: 'cn=TIBCO Spotfire Signing CA,o=Spotfire' Serial number: 45799d42a38802f8f52a9e753c650b6d7192dfaa Issued for node: unknown Expiration date: 2028-09-27 15:17:02 CEST Subject: 'cn=9891536a-e2a2-4343-a576-cd406e2158a6,o=Spotfire' Serial number: 6863d9231098a2aa2b720f7f806b593cfb685ae7 Issued for node: 9891536a-e2a2-4343-a576-cd406e2158a6 Expiration date: 2019-09-27 14:22:31 CEST Subject: 'cn=29b12e0d-b825-4e77-a4a4-cd73deeaf5ad,o=Spotfire' Serial number: b3adc9c241b00a6b6b2d06da38cdb9d2a922dbaa Issued for node: 29b12e0d-b825-4e77-a4a4-cd73deeaf5ad Expiration date: 2019-09-27 14:17:02 CEST Subject: 'cn=TIBCO Spotfire Root CA,o=Spotfire' Serial number: b4ed6837baa071f21e45fbafbd5e0f11c6ebb37a Issued for node: unknown Expiration date: 2028-09-27 15:17:01 CESTTo avoid unexpected restart of the Node Manager, the suggested solution is to manually re-trust the node in advance. For example, perform a planned re-trust a couple of weeks before on a weekend or non-busy hours. This process can be performed either through the web UI or command line interface.
The steps using command line would be:
- Open a command prompt and cd into the "bin" folder of the Spotfire Server. "<server install dir>\tomcat\bin"(default C:\tibco\tss\x.x.x\tomcat\bin)
- Run "config list-nodes -t configuration_tool_password " in the command line, replace configuration_tool_password with your password
- Run "config untrust-node -i node_ID -t configuration_tool_password ", replace node_ID with with remote node ID (node manager) from "list-nodes" commands output, replace configuration_tool_password with your password
- Run "config delete-node -i node_ID -t configuration_tool_password ", replace node_ID with node manager ID (from previous command), replace configuration_tool_password with your password
- Wait for couple of minutes
- Run "config trust-node -i node_ID -t configuration_tool_password ", replace node_ID with node manager ID (from previous command), replace configuration_tool_password with your password
https://docs.tibco.com/pub/spotfire_server/7.14.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-90300B25-ED26-4BB8-AA2D-E86E99DE98EE.html
Comments
0 comments
Article is closed for comments.