Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2334

Make CA CLI check that server is offline before generating offline certs

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      • the generate --ca-client command makes sure the server isn't running before generating certs
    • Epic Link:
    • Team:
      Server
    • QA Risk Assessment:
      Needs Assessment

      Description

      We recently added a flag to the generate command that allows a user to generate a CA client cert offline. We should update this flag to check that the server is not running before generating the certs, to ensure that we can't accidentally wind up with a race condition where the server signs a cert at the same time we do, and a serial number gets lost.

      It might be that this work will also enable us to fail more gracefully in general when the server isn't running. We should look for a general-purpose way of improving both these cases.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  maggie Maggie Dreyer
                  Reporter:
                  maggie Maggie Dreyer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: