Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-115

Concurrent access to the CRL can corrupt it

    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Labels:
    • CS Priority:
      Major
    • CS Frequency:
      3 - 25-50% of Customers
    • CS Severity:
      4 - Major
    • CS Business Value:
      4 - $$$$$
    • CS Impact:
      The CRL process does not seem to lock the file as it should, this can lead to duplicate indexes or corruption. As we have more customers with more dynamic workloads that add or remove nodes automatically this will become more and more of an issue.

      Description

      It seems like there is no locking when the server is revoking a cert and updating the CRL file. This should have similar locking as when it issues new certs and updates the inventory and serial files.

      The code in question is here: https://github.com/puppetlabs/puppet-server/blob/master/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L977-L989

      This is the same issue as PUP-2189 really, except for the clojure code.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  dalen Erik Dalén
                  QA Contact:
                  Erik Dasher
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  16 Start watching this issue

                  Dates

                  • Created:
                    Updated: