Fix a potential race condition with certs-ramfs
There is a potential race condition in the start order for the
amphora-agent service and the certs-ramfs service.
This patch configures an explict ordering for the services.
Change-Id: I8e449b19af72d72f6effd52e0a2debb5754a19b3
Story: 2006823
Task: 37396
(cherry picked from commit 1900ee71a5
)
This commit is contained in:
parent
ce22677502
commit
7c1ab03332
@ -1,6 +1,6 @@
|
||||
description "Start up the Octavia Amphora Agent"
|
||||
|
||||
start on runlevel [2345]
|
||||
start on started certs-ramfs
|
||||
stop on runlevel [!2345]
|
||||
|
||||
respawn
|
||||
|
@ -1,6 +1,6 @@
|
||||
### BEGIN INIT INFO
|
||||
# Provides: amphora-agent
|
||||
# Required-Start: $remote_fs $syslog $network
|
||||
# Required-Start: $remote_fs $syslog $network certs-ramfs
|
||||
# Required-Stop: $remote_fs $syslog $network
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
|
@ -1,6 +1,7 @@
|
||||
[Unit]
|
||||
Description=OpenStack Octavia Amphora Agent
|
||||
After=network.target syslog.service
|
||||
After=network.target syslog.service certs-ramfs.service
|
||||
Requires=certs-ramfs.service
|
||||
Wants=syslog.service
|
||||
|
||||
[Service]
|
||||
|
@ -1,5 +1,6 @@
|
||||
[Unit]
|
||||
Description=Creates an encrypted ramfs for Octavia certs
|
||||
Before=amphora-agent.service
|
||||
After=cloud-config.target
|
||||
|
||||
[Service]
|
||||
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
A new amphora image is required to fix the potential certs-ramfs race
|
||||
condition.
|
||||
security:
|
||||
- |
|
||||
A race condition between the certs-ramfs and the amphora agent may lead
|
||||
to tenant TLS content being stored on the amphora filesystem instead of
|
||||
in the encrypted RAM filesystem.
|
||||
fixes:
|
||||
- |
|
||||
Fixed a potential race condition with the certs-ramfs and amphora agent
|
||||
services.
|
Loading…
Reference in New Issue
Block a user