Description
The reloadCertificate REST API unconditionally restarts the Erlang TLS distribution and the HTTPs server even if the reload is a "no-op" i.e. the inbox is empty.) These restarts can disconnect the node from other nodes and may cause things like rebalance to halt and replication connections to need to be re-established. We've seen this happen in certain cases in the field.
It would be a nice improvement to check to see if the cert reload is a no-op and short circuit return with success.
Attachments
Gerrit Reviews
For Gerrit Dashboard: MB-61320 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
209796,1 | MB-61320: Make /reloadCertificate no-op for unchanged certs | master | ns_server | Status: NEW | 0 | 0 |
209797,2 | MB-61320: Add "force" to reloadCertificate | master | ns_server | Status: NEW | 0 | +1 |