Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-3020

certificate_statuses endpoint is slow when only querying CSRs

    XMLWordPrintable

    Details

    • Template:
    • Team:
      Froyo
    • Story Points:
      2
    • Sprint:
      Froyo - 8/11/2021
    • Zendesk Ticket IDs:
      44592
    • Zendesk Ticket Count:
      1
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Querying for CSRs will be much faster since we're only looking into the request directory instead of both certificate directory and request directory.
    • QA Risk Assessment:
      Needs Assessment

      Description

      The current method for querying CSRs from puppetserver is to use /puppet-ca/v1/certificate_statuses/ignored?state=requested. Unfortunately, this walks all of the signed certificates instead of just the CSRs, resulting in long query times. We have seen query times of over 2 minutes on this endpoint and they are called often when using the console. This causes long page load times as well as timeouts.

      One possible solution that was discussed is to only walk the CSR dir when state=requested https://github.com/puppetlabs/puppetserver/blob/6.x/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L1562-L1563

      Outcomes

      • Querying CSRs in a specific state should be faster (don't gather data we don't need).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tu.vu Tu Vu
              Reporter:
              jarret.lavallee Jarret Lavallee
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support