Entrust Validation Authority has the following known issues.
- evactl logs not forwarded to Splunk (EDM-13275)
- Temporary Kubernetes pods may run after command completion (ATEAM-16336)
- Running shims not moved after a node dies (PKIPM-1090)
- Newly deployed status after command execution (ATEAM-16337)
- Large kmdata files not supported (ATEAM-16338)
- ImportBatch.Failed error (ATEAM-17462)
- Database validation error (ATEAM-17466)
evactl logs not forwarded to Splunk (EDM-13275)
When integrated with a Splunk server, PKI Hub does not forward logs recording evactl commands. However, these logs can be browsed using the Grafana portal.
See the PKI Hub guide for integrating a Splunk server or browsing logs in the Grafana portal.
Temporary Kubernetes pods may run after command completion (ATEAM-16336)
Temporary Kubernetes pods may run after the completion of an evactl command. These pods will be deleted when deploying and do not compromise the Entrust Validation Authority operation or the execution of more evactl commands.
Running shims not moved after a node dies (PKIPM-1090)
When a node dies, Entrust Validation Authority does not move the pods running shims to a live node. Therefore, these shims stop updating the database.
Workaround: Wait until the dead node returns, or kill the pod as follows.
List the pods.
sudo kubectl get pods -n eva -o wide
Kill the dead pod. For example:
sudo kubectl -n eva delete pod --force eva-cagwshim-n-0
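The workaround above as a dry-run helper, added here as an example and not part of Entrust's documentation or tooling: it finds shim pods in the eva namespace that are scheduled on nodes that are not Ready and prints the delete command for each. It assumes shim pod names contain "shim" (as in eva-cagwshim-n-0); the function names and the --live switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not Entrust code). Function names are hypothetical.

# stdin: output of `kubectl get nodes --no-headers` (NAME STATUS ROLES AGE VERSION).
# Prints nodes whose STATUS does not start with "Ready"; a cordoned node
# ("Ready,SchedulingDisabled") is still alive and is not reported.
not_ready_nodes() {
  awk '$2 !~ /^Ready/ { print $1 }'
}

# stdin: "POD NODE" lines; $1: newline-separated list of dead nodes.
# Assumption: shim pods are recognisable by "shim" in the pod name.
shim_pods_on_nodes() {
  dead="$1" awk '
    BEGIN {
      n = split(ENVIRON["dead"], d, "\n")
      for (i = 1; i <= n; i++) if (d[i] != "") bad[d[i]] = 1
    }
    $1 ~ /shim/ && ($2 in bad) { print $1 }'
}

# Queries the cluster and prints, without running it, one delete command
# per shim pod that is stranded on a dead node.
print_shim_cleanup() {
  dead_nodes=$(sudo kubectl get nodes --no-headers | not_ready_nodes)
  sudo kubectl get pods -n eva --no-headers \
      -o custom-columns=NAME:.metadata.name,NODE:.spec.nodeName |
    shim_pods_on_nodes "$dead_nodes" |
    while read -r pod; do
      echo "sudo kubectl -n eva delete pod --force $pod"
    done
}

# Only query the cluster when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
  print_shim_cleanup
fi
```

Run it with --live on a host where kubectl is configured, and review the printed commands before executing them.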
Newly deployed status after command execution (ATEAM-16337)
After running some evactl commands, the Management Console of PKI Hub displays Entrust Validation Authority as newly deployed.
Large kmdata files not supported (ATEAM-16338)
The evactl import-nshield command does not support large kmdata files.
ImportBatch.Failed error (ATEAM-17462)
Time synchronization discrepancies between the Entrust Validation Authority and the Entrust Security Manager hosts may result in both:
- Empty LastEventDate column values in the Metadata table.
- The ImportBatch.Failed error with the GetEventBatchError message.
Workaround: Manually set the empty values of the LastEventDate column, for example:
UPDATE metadata
SET lastEventDate = 946684800000000000
WHERE issuerNameHash = $issuerNameHash
AND issuerKeyHash = $issuerKeyHash;
Where:
- $issuerNameHash is the value of the issuerNameHash column in the records with an empty lastEventDate value.
- $issuerKeyHash is the value of the issuerKeyHash column in the records with an empty lastEventDate value.
Database validation error (ATEAM-17466)
The Management Console displays a validation error when:
- Importing a configuration file containing a non-empty database sslValidationCert value.
- Setting the SSL Mode database configuration to disable.
Workaround: Delete the sslValidationCert value in the configuration file before importing it.