EasyRSA Charm

Race condition in creating a ca file and creating service certificates

Bug #1992676 reported by Adam Dyess
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
EasyRSA Charm
Fix Released
Low
Adam Dyess
EasyRSA Charm 1.26

Bug Description

Experienced in easyrsa-21

https://paste.ubuntu.com/p/kJDWMmTGvQ/

There's a race condition between create_certificate_authority and create_server_certificate which results in there not being a CA file creating the server certificates.

Specifically, looks like create_certificate_authority aborted early because juju hadn't provided a public address yet: https://github.com/charmed-kubernetes/layer-easyrsa/blob/2f4ade054b861c41acc39ae7e24bd581f0c1cb13/reactive/easyrsa.py#L208-L214

create_server_cert needs to wait for that to succeed, but the @when gates don't cover it

The "Public address not available yet" condition is specific to certain clouds where this failure was encountered

Revision history for this message
Adam Dyess (addyess) wrote :

https://github.com/charmed-kubernetes/layer-easyrsa/pull/40

Changed in charm-easyrsa:
status: New → In Progress
assignee: nobody → Adam Dyess (addyess)
milestone: none → 1.26
importance: Undecided → Low
George Kraft (cynerva)
Changed in charm-easyrsa:
status: In Progress → Fix Committed
Adam Dyess (addyess)
Changed in charm-easyrsa:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.