cloudflare / certmgr

Automated certificate management using a CFSSL CA.
BSD 2-Clause "Simplified" License

Certmgr should provide the ability to block startup until all certificates have been created #49

Closed Kellel closed 5 years ago

Kellel commented 6 years ago

The certmgr daemon on starting should have the option to block startup until it has managed to create all certificates, similar to the functionality provided by certmgr ensure.

ferringb commented 6 years ago

Why? If something explicitly needs to ensure its certs are in place before it starts, it should issue a certmgr ensure -d /path/to/spec as part of its startup process, rather than having a dependency on certmgrd being up.

ferringb commented 5 years ago

Closing for the reasons I mentioned; certmgr in daemon mode is async, updating as it goes. It's intentionally not synchronous.

If you wish that certmgr daemon is considered 'up' once all certs have been successfully created, this can be implemented via your init script or systemd unit file. For systemd, just set an ExecStartPre=/usr/bin/certmgr ensure to accomplish this.
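
The two approaches suggested in this thread, written out as systemd drop-in files. This is an added example, not part of the thread or the certmgr project: the unit names (certmgr.service, myapp.service), the drop-in paths and the timeout value are assumptions, and it assumes certmgr ensure exits non-zero when a certificate cannot be created.

```ini
# --- /etc/systemd/system/certmgr.service.d/10-ensure.conf (assumed unit name)
# Every ExecStartPre= command must exit 0 before ExecStart= runs, so units
# ordered After=certmgr.service are held back until the ensure pass is done.
# If ensure fails, the unit fails to start instead of coming up without certs.
[Service]
ExecStartPre=/usr/bin/certmgr ensure -d /path/to/spec
# ExecStartPre= counts against the start timeout; leave room for a slow CA.
TimeoutStartSec=120

# --- /etc/systemd/system/myapp.service.d/10-certs.conf (hypothetical consumer)
# The consumer checks its own certificates at startup and carries no
# dependency on the certmgr daemon being up.
# ExecStartPre= runs with the unit's User=; that account needs write access
# to the certificate and key paths in the spec, or the command can be given
# the "+" prefix to run it with full privileges.
[Service]
ExecStartPre=/usr/bin/certmgr ensure -d /path/to/spec
```

Run systemctl daemon-reload after adding either drop-in so systemd picks it up.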