boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

boulder-va should explicitly record the quorum met for the issuance (eg, 5/6 or 6/6)

Open mcpherrinm opened this issue 1 year ago • 0 comments

Per MPIC ballot, we should record this explicitly in audit logs.

We need to make sure that we can distinguish between a positive failure from an RVA versus not waiting longer for a response.

Notes added by @beautifulentropy

RVA audit logs are not collected to tape, we'll need to:

  • [ ] Make remote perspective quorum configurable
  • [ ] Return Perspective and RIR from RVA -> VA
  • [ ] Log remote perspective quorum result
  • [ ] Record gRPC timeouts and cancellations distinctly from validation failures
  • [ ] During deployments and scaling actions, ensure all attempts dispatched by the VA -> RVA are completed and logged. Any timeouts in the graceful shutdown process should be longer than the VA -> RVA gRPC timeout.

mcpherrinm avatar Jul 19 '24 01:07 mcpherrinm