Skip to content

fix: avoid failing on transient CFSSL startup errors#7821

Merged
vitormattos merged 2 commits into
mainfrom
fix/cfssl-startup-transient-failures
Jun 28, 2026
Merged

fix: avoid failing on transient CFSSL startup errors#7821
vitormattos merged 2 commits into
mainfrom
fix/cfssl-startup-transient-failures

Conversation

@vitormattos

Copy link
Copy Markdown
Member

Summary

  • adjust CfsslHandler::isUp() to treat transient startup/connection failures as a non-fatal false result
  • keep throwing only for the incompatible /health endpoint (HTTP 404)
  • keep generateRootCert() retry loop clean and deterministic without broad exception swallowing
  • increase CFSSL startup wait window in wakeUp() from ~5s to ~10s for slower CI runners

Why

Intermittent CI failures were happening during libresign:configure:cfssl when CFSSL had not finished starting yet. The previous flow could propagate transient connection errors too early.

Expected impact

  • reduced flakiness in integration scenario: "Create pfx with success using CFSSL"
  • preserves fatal behavior for genuinely incompatible CFSSL server versions

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

@YvesCesar YvesCesar left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vitormattos

I just have one suggestion for improvement regarding the variable name.

Comment thread lib/Handler/CertificateEngine/CfsslHandler.php Outdated
@vitormattos

Copy link
Copy Markdown
Member Author

/backport to stable34

@vitormattos

Copy link
Copy Markdown
Member Author

/backport to stable33

@vitormattos

Copy link
Copy Markdown
Member Author

/backport to stable32

Co-authored-by: Yves César Amorim de Azevedo <48072419+YvesCesar@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@vitormattos vitormattos force-pushed the fix/cfssl-startup-transient-failures branch from a6fbc99 to fd31a19 Compare June 28, 2026 14:03
@vitormattos vitormattos merged commit c69628e into main Jun 28, 2026
75 checks passed
@vitormattos vitormattos deleted the fix/cfssl-startup-transient-failures branch June 28, 2026 20:14
@github-project-automation github-project-automation Bot moved this from 0. Needs triage to 4. to release in Roadmap Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: 4. to release

Development

Successfully merging this pull request may close these issues.

2 participants