Add sequence diagram for leader boot sequence

Dhia Ayachi 2021-07-09 10:28:30 -04:00 committed by Daniel Nephin
parent fa833ac0f8
commit b843a98890
3 changed files with 24 additions and 1 deletions

@ -94,6 +94,9 @@ Periodic (or background) opeartions are started automatically by the Consul lead
3. called by Auto-Config to sign a leaf cert for a client agent 3. called by Auto-Config to sign a leaf cert for a client agent
### detailed call flow ### detailed call flow
- sequence diagram for leader election ![CA Leader Sequence](./ca-leader-sequence.svg)
<sup>[source](./ca-leader-sequence.mmd)</sup>
- sequence diagram for leaf signing - sequence diagram for leaf signing
- sequence diagram for CA cert rotation - sequence diagram for CA cert rotation
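
Review bot: the added image line and its `<sup>[source](./ca-leader-sequence.mmd)</sup>` link replace the first bullet without a list marker and run straight into the two remaining `- sequence diagram for ...` placeholders, so the diagram sits directly against a list it is no longer part of. Put a blank line after the source link, and add a sentence saying that `ca-leader-sequence.svg` is generated from the `.mmd` file and how to regenerate it, so the committed SVG and its source cannot drift apart unnoticed. The context in the hunk header also shows "opeartions", which could be fixed while this file is being touched.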

@ -0,0 +1,19 @@
sequenceDiagram
Participant Provider
Participant PL As Primary Leader
Participant SL As Secondary Leader
Alt Primary don't have a valid CA
PL->>Provider:initializeRootCA (fetch root and sign intermediate)
Provider->>PL:root + intermediate
PL->>PL:RPC ConnectCA.Roots (fetch primary root and store it)
end
SL->>PL: RPC ConnectCA.Roots (fetch primary root and store it)
PL->>SL: Root + intermediate
Alt Secondary needs a new intermediate (check if current intermediate is signed by primary root)
SL->>Provider: Generate CSR
Provider->>SL: CSR
SL->>PL: ConnectCA.SignIntermediate (CSR)
PL->>SL: Intermediate CA (secondary)
SL->>Provider: Set Intermediate (secondary CA) + root (primary CA)
SL->>SL: Store certs in RAFT (primary root + secondary intermediate)
end
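
Review bot: in the first `Alt` block, `PL->>PL:RPC ConnectCA.Roots (fetch primary root and store it)` carries the same label as the secondary's call to the primary two lines later, which reads like a copy-paste; if the primary leader is only persisting the root it just received from the provider, label it as a local store (as `SL->>SL: Store certs in RAFT` does) rather than as an RPC to itself. Both `Alt` blocks have a single branch and no `else`, so `opt` expresses the intent better. The request on the `SL->>PL` line says it fetches the primary root while the reply is `Root + intermediate`; make the two labels agree on what is returned. Smaller points: "Primary don't have" should be "Primary doesn't have", and the spacing after the colon in message labels is inconsistent between the first block and the rest.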

File diff suppressed because one or more lines are too long