Details
-
Type:
Bug
-
Status: Reopened
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Puppet Server
-
Labels:
-
Template:customfield_10700 56404
-
Epic Link:
-
Team:Server
-
Method Found:Customer Feedback
-
CS Priority:Major
-
CS Frequency:3 - 25-50% of Customers
-
CS Severity:4 - Major
-
CS Business Value:4 - $$$$$
-
CS Impact:The CRL process does not seem to lock the file as it should, this can lead to duplicate indexes or corruption. As we have more customers with more dynamic workloads that add or remove nodes automatically this will become more and more of an issue.
Description
It seems like there is no locking when the server is revoking a cert and updating the CRL file. This should have similar locking as when it issues new certs and updates the inventory and serial files.
The code in question is here: https://github.com/puppetlabs/puppet-server/blob/master/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L977-L989
This is the same issue as PUP-2189 really, except for the clojure code.
Attachments
Issue Links
- is blocked by
-
SERVER-1999 Investigate puppet server CRL handling for atomicity
-
- Closed
-
- relates to
-
-
- Closed
-
-
SERVER-2125 Stop storing CA data on filesystem
-
- Accepted
-
