BitBucket RDS Certificate Update

BitBucket relies on RDS for user management and a few other light data tasks, and all communication between BitBucket and RDS is over HTTPS.  As such, the RDS-CA certificate will need to be updated periodically.  The only certificate you need to update is the one in RDS.  There is no certificate you will need to manually update on the BitBucket instance.

The maximum impact will be that the BitBucket server needs to be restarted.  Elasticache and Turbot web/worker instances should not need to be restarted since the address of the CMDB is not changing.  If taking RDS offline causes BitBucket to be unresponsive, you may see some CMDB errors on resources changed during the update.  These should clear once BitBucket comes back online.

 

To update the certificate via RDS:

Navigate to the RDS console page.  Once it loads, you should receive a popup:

Screen_Shot_2020-02-19_at_10.54.19_AM.png

Click "View pending maintenance actions".  (If you do not receive a popup, click on "Certificate update" in the left hand navigation column.)

 

On the next page, click the radio button next to the database that needs the update and choose either the "Update now" or "Update at the next maintenance window" button:

Screen_Shot_2020-02-19_at_10.54.54_AM.png

(You can safely do the update live, as it will not adversely affect the usability of your Turbot or AWS environments.)

 

Once you chose from the above options, you will receive a popup (it is the same for both options):

Screen_Shot_2020-02-19_at_10.55.31_AM.png

Click the checkbox and "Apply now".  (Remember, there is no SSL certificate on the BitBucket instance itself, so you can safely proceed without any further intervention.)

 

After applying, check the status of the update on the current screen:

Screen_Shot_2020-02-19_at_10.56.38_AM.png

Once the database disappears from the list, click "Databases" in the left-hand navigation column and open the database in the list.  Once open, check to ensure the "Certificate authority date" has been updated.

 

After verifying the certificate has been updated, we need to check the CMDB status in the Turbot console.  First, reboot your BitBucket server's EC2 instance from the EC2 console.

Next, from your Turbot Master account, navigate to the Controls tab and search for "repo exists":

Screen_Shot_2020-02-19_at_11.06.15_AM.png

Open the control and run a check.  If you get an OK, no further action is required.  If you receive an Alarm on the control, send an email to help@turbot.com so we can help troubleshoot the issue.

Was this article helpful?
0 out of 0 found this helpful