Closed Kellel closed 5 years ago
Why? If something explicitly needs to ensure it's certs are in place before it starts, it should issue a certmgr ensure -d /path/to/spec
as part of it's start up process, rather than having a dependency on certmgrd being up.
Closing for the reasons I mentioned; certmgr in daemon mode is async, updating as it goes. It's intentionally not synchronous.
If you wish that certmgr daemon is considered 'up' once all certs have been successfully created, this can be implemented via your init script or systemd unit file. For systemd just set an ExecStartPre=/usr/bin/certmgr ensure
to accomplish this.
The certmgr daemon on starting should have the option to block startup until it has managed to create all certificates, similar to the functionality provided by certmgr ensure