Cannot start/join a cluster when internal CA cert is provided but not the key

Description

During cluster start/join, we generate several additional certs for the new services (e.g. database replication). Those certs are signed by the internal CA, which requires the internal CA key to be present; if the key is not available, the node cannot join the cluster.

This situation can arise when users don't want to provide keys for their CA certs, e.g. due to PCI compliance.

Steps to Reproduce

Environment:
OS (CLI), HA cluster, cloud provider
------------------------------------

Steps to reproduce:
------------------
1. Bootstrap a manager providing ca_cert_path but not ca_key_path (and providing both internal_cert_path and internal_key_path)
2. Try to start a cluster

Expected result:
---------------
The node starts a cluster, and other nodes are able to join it

Actual result:
-------------
An error is thrown

Why Propose Close?

None

Assignee

Łukasz Maksymczuk

Reporter

Łukasz Maksymczuk

Severity

Medium

Target Version

4.4

Premium Only

yes

Found In Version

4.3

QA Owner

Lital Hamami

Bug Type

legacy bug

Customer Encountered

Yes

Customer Name

None

Release Notes

yes

Priority

None

Sprint

None

Priority

Unprioritized