SCIONLab updating TRCs and Certificates Postmortem #454
Description
- Updating core certs in ISD 17 via Coordinator GUI took some time to finish. Just annoying, not an error, but probably we can improve the algorithm we use for batches.
- Some machines didn't pick up the new core certificates for at least some hours. This could be an error.
- There is no "Update about to expire certs" command or GUI option. This would be a huge improvement. Or a configuration option to automatically do it before e.g. 3 days of expiry time.
- In the coordinator configuration, link between 1001 and 1108 was misconfigured. This is either a bug, a misconfiguration or a DB corruption?
- There is no easy command to diagnose our scionlab infrastructure. This would be a huge improvement.
- E.g.
diagnosewould check this host has scion configuration (sciond, dispatcher), has access to the control service, then to all border routers in this AS, then to a predifined list of hosts inside our infrastructure, etc. - Whenever a problem was found, we can even print out the corresponding log file.
- Then we run it again the the next machine that has an issue.
- E.g.