Avoid inserting duplicate certificates or precertificates #5468
Comments
Note: This could be as simple as starting a transaction and doing a While this could be done to all saves to Certificates, it makes sense to me to start with the orphans and, if we end up re-opening, then we could add a robust "insert certificate" procedure for all cases. Given the overhead on a hot path, I'd argue we should consider that as a real stored procedure rather than making the SA do multiple roundtrips on each issuance -- so maybe let's start simple.
JC says this is high priority. Grabbing for this milestone immediately.
Short term: add transaction get-then-insert to Orphan Finder.
Mid term: see if there are any other codepaths that might result in duplicate entries.
Long term: if yes, consider replacing transaction with stored procedure to cover all possible inserters.
Error at SA if the certificate or precertificate already exists in the database Fixes: #5468
* Check for duplicate certs before adding to db Error at SA if the certificate or precertificate already exists in the database Fixes: #5468
@jcjones mentioned in #5467
Coincidentally this occurred when we deployed #5311 to staging and restarted the boulder stack. Metrics showed ~1400 orphaned certificates detected as a result of the restart with ~1390 of them being adopted.
![orphans](https://user-images.githubusercontent.com/2382565/121227879-129fb380-c85a-11eb-9df4-7a5d00feb316.png)
We've scanned the production DB and have not detected any duplicate certs there.
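The "transaction get-then-insert" proposed in the comments on this issue, sketched as an added example (not Boulder's code, and not part of the original thread). It uses Python's built-in `sqlite3` so it runs offline; the table layout, `add_certificate`, `adopt_orphans` and the sample serials are all hypothetical.

```python
import sqlite3

class DuplicateCertificate(Exception):
    """A row for this serial already exists; nothing was inserted."""

# Hypothetical schema: no UNIQUE constraint on serial, so the check
# inside the transaction is the only thing preventing duplicates.
SCHEMA = """
CREATE TABLE certificates (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    serial TEXT NOT NULL,
    der    BLOB NOT NULL
);
"""

# Constructed sample: one orphan appears twice in the replayed input.
SAMPLE_ORPHANS = [("03a1", b"der-a"), ("03b2", b"der-b"), ("03a1", b"der-a")]

def open_db():
    # isolation_level=None: transactions are managed explicitly below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def add_certificate(conn, serial, der):
    """Get-then-insert in one transaction; raise if the serial exists."""
    # BEGIN IMMEDIATE takes the write lock before the SELECT, so no other
    # writer can insert between the check and the INSERT.
    conn.execute("BEGIN IMMEDIATE")
    try:
        found = conn.execute(
            "SELECT 1 FROM certificates WHERE serial = ? LIMIT 1", (serial,)
        ).fetchone()
        if found is not None:
            raise DuplicateCertificate(serial)
        conn.execute(
            "INSERT INTO certificates (serial, der) VALUES (?, ?)", (serial, der)
        )
        conn.execute("COMMIT")
    except BaseException:
        if conn.in_transaction:
            conn.execute("ROLLBACK")
        raise

def adopt_orphans(conn, orphans):
    """Replay orphans; return (adopted, skipped_as_duplicate)."""
    adopted = skipped = 0
    for serial, der in orphans:
        try:
            add_certificate(conn, serial, der)
            adopted += 1
        except DuplicateCertificate:
            skipped += 1
    return adopted, skipped

if __name__ == "__main__":
    db = open_db()
    print(adopt_orphans(db, SAMPLE_ORPHANS))  # first pass
    print(adopt_orphans(db, SAMPLE_ORPHANS))  # replay after a "restart"
```

On a server database, a plain `SELECT` inside a transaction does not necessarily block a concurrent inserter, so two connections can both pass the check. A unique index on the serial column or a locking read closes that gap.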