Skip to content

fix: avoid failing on transient CFSSL startup errors#7821

Merged
vitormattos merged 2 commits into
mainfrom
fix/cfssl-startup-transient-failures
Jun 28, 2026
Merged

fix: avoid failing on transient CFSSL startup errors#7821
vitormattos merged 2 commits into
mainfrom
fix/cfssl-startup-transient-failures

Conversation

@vitormattos

@vitormattos vitormattos commented Jun 19, 2026

Copy link
Copy Markdown
Member

Summary

  • adjust CfsslHandler::isUp() to treat transient startup/connection failures as a non-fatal false result
  • keep throwing only for the incompatible /health endpoint (HTTP 404)
  • keep generateRootCert() retry loop clean and deterministic without broad exception swallowing
  • increase CFSSL startup wait window in wakeUp() from ~5s to ~10s for slower CI runners

Why

Intermittent CI failures were happening during libresign:configure:cfssl when CFSSL had not finished starting yet. The previous flow could propagate transient connection errors too early.

Expected impact

  • reduced flakiness in integration scenario: "Create pfx with success using CFSSL"
  • preserves fatal behavior for genuinely incompatible CFSSL server versions

@vitormattos
fix: avoid failing on transient CFSSL startup errors
fcefe5d 
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@github-project-automation github-project-automation Bot moved this to 0. Needs triage in Roadmap Jun 19, 2026
@vitormattos vitormattos self-assigned this Jun 19, 2026
@vitormattos vitormattos added this to the Next Major (35) milestone Jun 19, 2026
@vitormattos vitormattos requested a review from YvesCesar June 19, 2026 22:28
@vitormattos vitormattos mentioned this pull request Jun 19, 2026
Merged
@YvesCesar YvesCesar mentioned this pull request Jun 24, 2026
Merged
5 tasks
YvesCesar
YvesCesar reviewed Jun 27, 2026
View reviewed changes

@YvesCesar YvesCesar left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vitormattos

I just have one suggestion for improvement regarding the variable name.

Comment thread lib/Handler/CertificateEngine/CfsslHandler.php Outdated
@vitormattos

vitormattos commented Jun 28, 2026

Copy link
Copy Markdown
Member Author

/backport to stable34

@vitormattos

vitormattos commented Jun 28, 2026

Copy link
Copy Markdown
Member Author

/backport to stable33

@vitormattos

vitormattos commented Jun 28, 2026

Copy link
Copy Markdown
Member Author

/backport to stable32

@vitormattos @YvesCesar
chore: Update lib/Handler/CertificateEngine/CfsslHandler.php
fd31a19 
Co-authored-by: Yves César Amorim de Azevedo <48072419+YvesCesar@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@vitormattos vitormattos force-pushed the fix/cfssl-startup-transient-failures branch from a6fbc99 to fd31a19 Compare June 28, 2026 14:03
@vitormattos vitormattos merged commit c69628e into main Jun 28, 2026
75 checks passed
@vitormattos vitormattos deleted the fix/cfssl-startup-transient-failures branch June 28, 2026 20:14
@github-project-automation github-project-automation Bot moved this from 0. Needs triage to 4. to release in Roadmap Jun 28, 2026
This was referenced Jun 28, 2026
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@YvesCesar YvesCesar YvesCesar left review comments

Assignees

@vitormattos vitormattos

Labels

None yet

Projects

Roadmap
Status: 4. to release

Milestone

Next Major (35)

Development

Successfully merging this pull request may close these issues.

2 participants

@vitormattos @YvesCesar