Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-3020

certificate_statuses endpoint is slow when only querying CSRs

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Ready for Engineering
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: SERVER 6.14.1
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Template:
    • Team:
      Froyo
    • Story Points:
      2
    • Zendesk Ticket IDs:
      44592
    • Zendesk Ticket Count:
      1
    • QA Risk Assessment:
      Needs Assessment

      Description

      The current method for querying CSRs from puppetserver is to use /puppet-ca/v1/certificate_statuses/ignored?state=requested. Unfortunately, this walks all of the signed certificates instead of just the CSRs, resulting in long query times. We have seen query times of over 2 minutes on this endpoint and they are called often when using the console. This causes long page load times as well as timeouts.

      One possible solution that was discussed is to only walk the CSR dir when state=requested https://github.com/puppetlabs/puppetserver/blob/6.x/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L1562-L1563

      Outcomes

      • Querying CSRs in a specific state should be faster (don't gather data we don't need).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              jarret.lavallee Jarret Lavallee
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support