EJBCA / ECA-4581

Tolerate that resources are not available at application startup

    Details

    • Type: Epic
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 6.4.0
    • Fix Version/s: None
    • Labels: None
    • Epic Name: Fault tolerance
    • Issue discovered during: Ad Hoc

      Description

      During application startup we expect the database and the audit log protection mechanism to be available.

      If this is not the case, the application fails hard and there is no recovery to a good state.

      Note that we can already largely tolerate an unavailable database in throw-away CA mode with audit logging only to the server log (no database writes).

      Tasks:

      • We should redesign database interactions to allow for delayed activation of the application when the database is not available.
      • When the database is available but the database protection mechanism is not, we should allow an admin (perhaps one with a certificate issued by the trust anchor for the Admin GUI, or a CLI admin) to activate the database protection HSM slot.
      • Make sure the health check reports "down for maintenance" (or similar) when EJBCA is not operational.

      Design meeting required. (This probably should be done together with redesign of our object caches.)
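The state model the tasks above imply, as an added illustration (this is not EJBCA code; the class and state names, the single `Dependencies` object and the boolean probes are assumptions standing in for real database and HSM checks). The application starts in a non-operational state, re-probes its dependencies instead of failing hard, keeps the health check at 503 until everything is in place, and lets only an authorized admin activate the protection slot once the database is reachable:

```python
"""Startup that tolerates unavailable dependencies (added example, not EJBCA code).

State transitions:
  WAITING_FOR_DATABASE -> PROTECTION_LOCKED -> OPERATIONAL
The health check reports "down for maintenance" in every state except
OPERATIONAL, and request handling is refused (fail closed) until then.
"""
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    WAITING_FOR_DATABASE = "waiting_for_database"
    PROTECTION_LOCKED = "protection_locked"   # db up, audit-log protection slot inactive
    OPERATIONAL = "operational"


@dataclass
class Dependencies:
    """Constructed stand-in for real probes (JDBC ping, HSM slot login)."""
    database_up: bool = False
    protection_slot_active: bool = False


class ServiceUnavailable(RuntimeError):
    pass


class Application:
    def __init__(self, deps: Dependencies):
        self.deps = deps
        self.state = State.WAITING_FOR_DATABASE

    def try_activate(self) -> State:
        """Re-evaluate dependencies. Idempotent, so a timer can call it repeatedly
        instead of the application aborting on the first failed probe."""
        if not self.deps.database_up:
            self.state = State.WAITING_FOR_DATABASE
        elif not self.deps.protection_slot_active:
            self.state = State.PROTECTION_LOCKED
        else:
            self.state = State.OPERATIONAL
        return self.state

    def activate_protection(self, admin_authorized: bool) -> State:
        """Admin-triggered activation of the protection slot (second task above).
        Authorization is a boolean here; a real check would verify the admin's
        certificate against the configured trust anchor."""
        if not admin_authorized:
            raise PermissionError("activation requires an authorized admin")
        if self.try_activate() is State.WAITING_FOR_DATABASE:
            # No point activating protection while the database itself is down.
            return self.state
        self.deps.protection_slot_active = True
        return self.try_activate()

    def health(self) -> tuple[int, str]:
        """Health endpoint: only OPERATIONAL reports healthy (third task above)."""
        if self.state is State.OPERATIONAL:
            return 200, "OK"
        return 503, f"DOWN_FOR_MAINTENANCE ({self.state.value})"

    def handle_request(self, name: str) -> str:
        """Business requests are refused until the protected audit log is writable."""
        if self.state is not State.OPERATIONAL:
            raise ServiceUnavailable(f"refusing {name!r}: {self.state.value}")
        return f"handled {name}"


def run_startup_sequence() -> list[int]:
    """Simulate the recovery path and return the health code after each step."""
    deps = Dependencies()
    app = Application(deps)
    codes = []
    app.try_activate()                  # both dependencies down
    codes.append(app.health()[0])
    deps.database_up = True             # database comes back
    app.try_activate()
    codes.append(app.health()[0])
    try:                                # unauthorized activation is rejected
        app.activate_protection(admin_authorized=False)
    except PermissionError:
        pass
    codes.append(app.health()[0])
    app.activate_protection(admin_authorized=True)
    codes.append(app.health()[0])
    return codes


if __name__ == "__main__":
    print(run_startup_sequence())
```

The point of `try_activate` being idempotent is that a scheduler or an admin action can drive it repeatedly; the application never has to exit to recover, and the load balancer sees 503 rather than a node that accepts requests it cannot audit.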

              People

              Assignee: Unassigned
              Reporter: Johan Eklund
              Votes: 0
              Watchers: 2