Merge "Fix a potential race condition with certs-ramfs"
This commit is contained in:
commit
31139e61c8
elements
amphora-agent/install.d/amphora-agent-source-install
certs-ramfs/init-scripts/systemd
releasenotes/notes
@ -1,6 +1,6 @@
|
||||
description "Start up the Octavia Amphora Agent"
|
||||
|
||||
start on runlevel [2345]
|
||||
start on started certs-ramfs
|
||||
stop on runlevel [!2345]
|
||||
|
||||
respawn
|
||||
|
@ -1,6 +1,6 @@
|
||||
### BEGIN INIT INFO
|
||||
# Provides: amphora-agent
|
||||
# Required-Start: $remote_fs $syslog $network
|
||||
# Required-Start: $remote_fs $syslog $network certs-ramfs
|
||||
# Required-Stop: $remote_fs $syslog $network
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
|
@ -1,6 +1,7 @@
|
||||
[Unit]
|
||||
Description=OpenStack Octavia Amphora Agent
|
||||
After=network.target syslog.service
|
||||
After=network.target syslog.service certs-ramfs.service
|
||||
Requires=certs-ramfs.service
|
||||
Wants=syslog.service
|
||||
|
||||
[Service]
|
||||
|
@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=Creates an encrypted ramfs for Octavia certs
|
||||
Before=amphora-agent.service
|
||||
After=cloud-config.target
|
||||
|
||||
[Service]
|
||||
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
A new amphora image is required to fix the potential certs-ramfs race
|
||||
condition.
|
||||
security:
|
||||
- |
|
||||
A race condition between the certs-ramfs and the amphora agent may lead
|
||||
to tenant TLS content being stored on the amphora filesystem instead of
|
||||
in the encrypted RAM filesystem.
|
||||
fixes:
|
||||
- |
|
||||
Fixed a potential race condition with the certs-ramfs and amphora agent
|
||||
services.
|
Loading…
x
Reference in New Issue
Block a user