Allow replacing cluster certificate#82
Merged
Merged
Conversation
masnax
requested review from
markylaing,
roosterfish and
tomponline
as code owners
roosterfish
requested changes
Jan 23, 2024
Contributor
roosterfish
left a comment
roosterfish
left a comment
There was a problem hiding this comment.
Just some smaller comments :)
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
…ootstrap PostBootstrap is the equivalent of OnBootstrap, and PreBootstrap runs just before starting the API. Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
masnax
force-pushed
the
add-cert-helper
branch
from
f55f90e to
b975ba4
Compare
roosterfish
reviewed
Jan 26, 2024
Contributor
roosterfish
left a comment
roosterfish
left a comment
There was a problem hiding this comment.
Sorry for the late reply, looking good, just two more comments I am not sure about.
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
masnax
force-pushed
the
add-cert-helper
branch
from
b975ba4 to
561729a
Compare
masnax
added a commit
to masnax/microcluster
that referenced
this pull request
Dec 10, 2024
Allow replacing cluster certificate (cherry picked from commit 490a98a)
masnax
added a commit
to masnax/microcluster
that referenced
this pull request
Dec 10, 2024
Allow replacing cluster certificate (cherry picked from commit 490a98a) Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a new internal endpoint to update the cluster certificate used with the listeners across the cluster. It sends a request to all cluster members and instructs them to write the certs into the state directory, and load them onto the daemon.
To facilitate this by default before the endpoints start, a new
PreBootstraphook is introduced which runs just after the daemon registers its name & address. The default cluster cert can be overwritten in the state directory at this point and get picked up during the bootstrap process.OnBootstraphas been renamed toPostBootstrapto keep things consistent.Additionally, there's a client function
UpdateClusterCertificatewhich will update the cluster cert after the daemon has started.cc @gboutry