Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-373

Quick method needed to reload the CRL.

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: SERVER 1.0.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Puppet 3.7.4 on RHEL6 x86_64.

    • Template:
    • CS Priority:
      Normal
    • CS Frequency:
      3 - 25-50% of Customers
    • CS Severity:
      2 - Annoyance
    • CS Business Value:
      3 - $$$$
    • CS Impact:
      Hide
      The CRL should be up to date all the time in an ideal world. In the interim something to make this less lengthy would be great.

      This is the same process as it was pre puppet-server, but it takes much longer now due to jvm startup times.
      Show
      The CRL should be up to date all the time in an ideal world. In the interim something to make this less lengthy would be great. This is the same process as it was pre puppet-server, but it takes much longer now due to jvm startup times.

      Description

      When managing client certs to do things like retire old nodes with "puppet node clean" or revoke client certs for nodes that had a security issue, the CRL gets updated. Right now it seems that the only way to get the puppetserver to reload this new CRL is by a full restart, which is a very time consuming operation. With rack/passenger, a simple and quick "apachectl graceful" command would reload the CRL. I tried the 2 current admin API commands that flush the environment cache and restart the jruby interpreter pool but neither of them make the puppetserver see the updated CRL. Would it be possibly to make a new admin command to do this, or provide some other lightweight method to reload the puppetserver to see the updated CRL?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              smithj4 Jason A. Smith
              QA Contact:
              Erik Dasher
              Votes:
              3 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support