Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-3020

certificate_statuses endpoint is slow when only querying CSRs

    XMLWordPrintable

Details

    • Froyo
    • 2
    • Froyo - 8/11/2021
    • 44592
    • 1
    • Enhancement
    • Querying for CSRs will be much faster since we're only looking into the request directory instead of both certificate directory and request directory.
    • Needs Assessment

    Description

      The current method for querying CSRs from puppetserver is to use /puppet-ca/v1/certificate_statuses/ignored?state=requested. Unfortunately, this walks all of the signed certificates instead of just the CSRs, resulting in long query times. We have seen query times of over 2 minutes on this endpoint and they are called often when using the console. This causes long page load times as well as timeouts.

      One possible solution that was discussed is to only walk the CSR dir when state=requested https://github.com/puppetlabs/puppetserver/blob/6.x/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L1562-L1563

      Outcomes

      • Querying CSRs in a specific state should be faster (don't gather data we don't need).

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-2233 Allow for retrieving a list of agents with unsigned certificates through the API

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved
          mentioned in

          Page Loading...

          Activity

            People

              tu.vu Tu Vu
              jarret.lavallee Jarret Lavallee
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support