You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the proof-of-concept if a key cannot be generated or the internal key mapping cannot be updated and persisted then Krill will exit. Is this okay, or should Krill retry and if so how often and how fast? If all retries fail should Krill exit or only produce errors in the logs? If failures are retried should we count how often this happens and expose it as a metric? Should failure to sign result in a warning but Krill keeps running, or? What about failure to delete a HSM key or failure to generate random values via the HSM?
The text was updated successfully, but these errors were encountered:
For the walking skeleton PR #679@timbru and I decided that Krill should not fail to start nor should it exit if there is a problem communicating with the HSM, instead we should warn in the logs and a retry with backoff approach has been implemented for connections/requests that fail due to a network timeout or I/O error.
In the proof-of-concept if a key cannot be generated or the internal key mapping cannot be updated and persisted then Krill will exit. Is this okay, or should Krill retry and if so how often and how fast? If all retries fail should Krill exit or only produce errors in the logs? If failures are retried should we count how often this happens and expose it as a metric? Should failure to sign result in a warning but Krill keeps running, or? What about failure to delete a HSM key or failure to generate random values via the HSM?
The text was updated successfully, but these errors were encountered: