  1. Puppet Server
  2. SERVER-2565

Puppet Server should use atomic file operations when updating CA state



    • Major
    • 35116,38360
    • 2
    • 2,000
    • Enhancement
    • The Puppet Server CA will now write all of its files atomically, preventing an issue where CRLs could be read partway through being written, resulting in a failed load and corrupting CA state.
    • Needs Assessment


      When issuing or revoking certificates, the Puppet Server must update files that hold the state of the certificate authority. Currently, this is done by opening the file as O_WRONLY|O_CREAT|O_TRUNC and re-writing the entire thing. This approach means that a sudden halt, such as an OutOfMemory kill or exhaustion of disk space, will interrupt the file write and leave incomplete, corrupted state behind. To mitigate this, Puppet Server should use atomic file operations when updating CA state files like the CRL, inventory, and serial number.

      In addition, if another thread attempts to read these files while they are being written, an incomplete version will be read into memory, causing a local problem, even if the file ultimately writes to completion.

      Suggested Approach

      When updating CA state files, Puppet Server should:

      1. Write the new content to a temporary file, then fsync it
      2. Move the temporary file into place, then fsync the directory containing the file

      If the server is interrupted before step 2 completes, then the previously valid file will remain.





              patrick Patrick Carlisle
              chuck Charlie Sharpsteen
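
The suggested approach from the description, written out for a POSIX system as an added example; it is not part of the original issue and is not Puppet Server's own code. The function name `atomic_write`, its `before_rename` test hook and the file name `ca_crl.pem` are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path


def atomic_write(path, data, before_rename=None):
    """Replace path with data; readers see the old or the new file, never a mix."""
    directory = os.path.dirname(os.path.abspath(path))
    # Temp file in the same directory: rename is atomic only within one filesystem.
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        try:
            view = memoryview(data)
            while view:  # os.write may write fewer bytes than requested
                view = view[os.write(fd, view):]
            os.fsync(fd)  # step 1: new content is on disk before it becomes visible
        finally:
            os.close(fd)
        if os.path.exists(path):  # mkstemp creates 0600; keep the old file's mode
            os.chmod(tmp, os.stat(path).st_mode & 0o7777)
        if before_rename:  # hypothetical test hook: fail between step 1 and step 2
            before_rename()
        os.replace(tmp, path)  # step 2: atomically swap the directory entry
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)  # make the rename itself durable
    finally:
        os.close(dir_fd)


def demo():
    """Constructed scenario: a failure before the rename leaves the old CRL intact."""
    def crash():
        raise RuntimeError("simulated interruption")
    with tempfile.TemporaryDirectory() as ca_dir:
        crl = os.path.join(ca_dir, "ca_crl.pem")  # constructed file name
        atomic_write(crl, b"CRL v1\n")
        try:
            atomic_write(crl, b"CRL v2\n", before_rename=crash)
        except RuntimeError:
            pass
        after_failure = Path(crl).read_bytes()
        atomic_write(crl, b"CRL v2\n")
        after_success = Path(crl).read_bytes()
        return after_failure, after_success, os.listdir(ca_dir)
```

A real kill, unlike the simulated exception, leaves the temporary file behind, so stale `*.tmp` files in the CA directory should be cleaned up on startup.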