Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8580

Option to disable adding of new nodes to GlobalConfiguration

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.15.2.1
    • Fix Version/s: EJBCA 7.3.1, EJBCA 7.3.0.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Environments where application instances come and go.
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Team Bob - 2019 w40

      Description

      On each startup org.ejbca.core.ejb.StartupSingletonBean.startup() will add the current hostname to org.ejbca.config.GlobalConfiguration.getNodesInCluster().

      In environments where instances come and go this list grows quickly and becomes unmanageable.

      A conf/ejbca.properties setting to disable this option and not exposing functionality like node-pinning when the node-list is empty would go a long way as first aid. E.g.

      # By default, EJBCA keeps a list of every EJBCA instance's hostname that has started in this cluster
      # and allows for example Services to be pinned to a specific set of hostnames.
      # In environments that has many short-lived instances with different hostnames this should be disabled.
      #
      # Default: true
      #ejbca.nodetracking=true
      

      Additionally:

      • Manual node management should still be possible to allow node pinning if there are a few instances with deterministic hostnames in the cluster.
      • The pinning settings should not be visible if the list of nodes is empty (while previously existing pinning configuration still needs to be visible to allow removal of such pinning).

      Properly keeping track of alive nodes will most likely be needed, but requires a larger effort and is related to being able to pin services and publishers to failure zones/sites, automating post-upgrade etc.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              johan Johan Eklund
              Reporter:
              johan Johan Eklund
              Verified by:
              Bastian Fredriksson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: