Comment 5 for bug 1835258

Nobuto Murata (nobuto) wrote :

Subscribing ~field-high.

We don't need easyrsa to be HA like active-active. But we need to keep the original CA cert/key to issue another server cert for other applications. So the current behavior, in which the second unit will overwrite and delete the original CA from Juju leader storage when the first unit is dead, is not appropriate.

We are still using easyrsa for etcd to bootstrap Vault HA in existing customer deployments. Until the following bug is addressed as a new feature, this issue needs a hotfix; otherwise we will suffer from recovering etcd-vault clusters from just one physical host failure from an operational point of view.
https://bugs.launchpad.net/vault-charm/+bug/1835356