Hello,
I've seen the changes that were recently done with the introduction of the PKI module.
This is a very good improvement.
However, I was recently thinking: what will happen if the PKI server reboots or crashes?
It will be restarted and it will create a new CA, store it in S3 and start signing certificates with this one? Is this really what we want?
I think that the cloudinit should check if the file exists on S3 before, and if it is there, download it and start serving with this one; if it is not there, just create it.
I'm happy to do the changes and create a PR myself if we agree this is indeed an issue and this is the way it should be tackled.
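The check proposed above, sketched as an added example that is not part of the original post or the project's code. The bucket, prefix, directory and `ca-csr.json` names are assumptions; it creates a CA only when S3 clearly reports the object as absent and refuses to do so on any other error.

```shell
#!/bin/sh
# Added example (not the project's code). Bucket, prefix, directory and
# ca-csr.json are assumed names; adjust to the real deployment.
CA_BUCKET="${CA_BUCKET:-example-pki-bucket}"
CA_PREFIX="${CA_PREFIX:-ca}"
CA_DIR="${CA_DIR:-/etc/cfssl}"

# 0 = object exists, 1 = definitely absent (HTTP 404), 2 = any other error
# (403, throttling, no network). Only a clear 404 may lead to a new CA.
s3_exists() {
  _err=$(aws s3api head-object --bucket "$CA_BUCKET" --key "$1" 2>&1 >/dev/null) && return 0
  case "$_err" in
    *"(404)"*) return 1 ;;
    *)         return 2 ;;
  esac
}
s3_get() { aws s3 cp "s3://$CA_BUCKET/$1" "$2" --only-show-errors; }
s3_put() { aws s3 cp "$2" "s3://$CA_BUCKET/$1" --sse AES256 --only-show-errors; }
# Writes ca.pem and ca-key.pem into $CA_DIR from the CSR description there.
gen_ca() { (cd "$CA_DIR" && cfssl gencert -initca ca-csr.json | cfssljson -bare ca); }

# Prints "restored" or "created"; returns non-zero without touching the CA
# when the state in S3 cannot be determined.
ensure_ca() {
  umask 077                      # private key must not be group/world readable
  mkdir -p "$CA_DIR"
  _rc=0
  s3_exists "$CA_PREFIX/ca.pem" || _rc=$?
  case "$_rc" in
    0) # Reboot or rebuild: reuse the CA that clients already trust.
       s3_get "$CA_PREFIX/ca-key.pem" "$CA_DIR/ca-key.pem" &&
       s3_get "$CA_PREFIX/ca.pem" "$CA_DIR/ca.pem" || return 1
       echo restored ;;
    1) # First boot: create the CA and upload the key before the certificate,
       # so that a visible ca.pem always has its key next to it.
       gen_ca || return 1
       s3_put "$CA_PREFIX/ca-key.pem" "$CA_DIR/ca-key.pem" &&
       s3_put "$CA_PREFIX/ca.pem" "$CA_DIR/ca.pem" || return 1
       echo created ;;
    *) echo "cannot determine CA state in S3; refusing to create a new CA" >&2
       return 1 ;;
  esac
}
```

Without `s3:ListBucket` on the bucket, S3 answers 403 instead of 404 for a missing key, so this sketch fails closed on first boot until that permission is granted.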
s0rc3r3r01 changed the title from "cfssl server should support rebooting" to "PKI signing server should support rebooting" on Apr 21, 2017
The issue with that is that if you destroy the machine and recreate it, it will recreate the certs. I have another solution that I still have to test completely. I've created a PR to review: #147. I still have to test it carefully...