[SERVER-2334] Make CA CLI check that server is offline before generating offline certs - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Acceptance Criteria:
- the generate --ca-client command makes sure the server isn't running before generating certs
Epic Link:
Server CA CLI
Team:
Froyo

QA Risk Assessment:
Needs Assessment

Description

We recently added a flag to the generate command that allows a user to generate a CA client cert offline. We should update this flag to check that the server is not running before generating the certs, to ensure that we can't accidentally wind up with a race condition where the server signs a cert at the same time we do, and a serial number gets lost.

It might be that this work will also enable us to fail more gracefully in general when the server isn't running. We should look for a general-purpose way of improving both these cases.

Attachments

Issue Links

relates to

SERVER-2320 Add a CA CLI command for generating a master cert offline

Closed

Sub-Tasks

1.	Register the CA service with the status service		Closed	Maggie Dreyer
2.	Query status endpoint for CA status before generating offline certs		Resolved	Maggie Dreyer

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018/09/25 7:06 PM

Updated:: 2018/10/25 9:04 AM

Resolved:: 2018/10/18 4:20 PM