Details
- Improvement
- Status: Resolved
- Normal
- Resolution: Fixed
- SERVER 5.3.8, SERVER 6.3.0
- Froyo
- Major
- 35116,38360
- 2
- 2,000
- Enhancement
- The Puppet Server CA will now write all of its files atomically, preventing an issue where CRLs could be read partway through being written, resulting in a failed load and corrupting CA state.
- Needs Assessment
Description
When issuing or revoking certificates, the Puppet Server must update files that hold the state of the certificate authority. Currently, this is done by opening the file as O_WRONLY|O_CREAT|O_TRUNC and re-writing the entire thing. This approach means that a sudden halt, such as an OutOfMemory kill or exhaustion of disk space, will interrupt the file write and leave incomplete, corrupted state behind. To mitigate this, Puppet Server should use atomic file operations when updating CA state files like the CRL, inventory, and serial number.
In addition, if another thread attempts to read these files while they are being written, an incomplete version will be read into memory, causing a local problem, even if the file ultimately writes to completion.
Suggested Approach
When updating CA state files, Puppet Server should:
1. Write the new content to a temporary file, then fsync it
2. Move the temporary file into place, then fsync the directory containing the file
If the server is interrupted before step 2 completes, then the previously valid file will remain.
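The truncate-in-place pattern from the description next to the suggested approach, as an added Python example (not Puppet Server's own code). It assumes a POSIX filesystem; the function names and the `interrupted` fault injector are hypothetical, and feeding chunks through `interrupted` simulates a halt partway through a write.

```python
import os
import tempfile


def truncating_write(path, chunks):
    """The pattern described in the ticket: truncate in place, then rewrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    with os.fdopen(fd, "wb") as f:
        for chunk in chunks:          # an interruption here leaves a partial file
            f.write(chunk)


def atomic_write(path, chunks, mode=0o640):
    """Readers see the complete old file or the complete new one, never a mix."""
    directory = os.path.dirname(os.path.abspath(path))
    # Same directory as the target, so the rename never crosses filesystems.
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as tmp:
            os.fchmod(tmp.fileno(), mode)
            for chunk in chunks:
                tmp.write(chunk)
            tmp.flush()
            os.fsync(tmp.fileno())    # step 1: new content is on disk
        os.replace(tmp_path, path)    # step 2: atomic rename over the old file
    except BaseException:
        # Interrupted before the rename: drop the temp file, old file is intact.
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)              # step 2, continued: the rename is on disk
    finally:
        os.close(dir_fd)


def interrupted(chunks, after):
    """Constructed fault injector: yields `after` chunks, then fails."""
    for i, chunk in enumerate(chunks):
        if i == after:
            raise OSError("simulated halt mid-write")
        yield chunk
```

After an interrupted `truncating_write` the target holds only the chunks written so far; after an interrupted `atomic_write` it still holds the previous content and no temporary file is left behind.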
Issue Links
- relates to
  - SERVER-115 Concurrent access to the CRL can corrupt it (Resolved)
  - SERVER-2553 PUT/DELETE API ERROR (Closed)