Fix py3 amphora-agent cert-rotation type bug

Flask's stream always returns bytes, file write always takes string. This causes py3 amps to return 500 on cert rotation AND wipe out the certificate, so the amphora are no longer controllable and go to ERROR state. Anyone running py3 amps prior to this patch will experience amphorae breaking on a timer due to housekeeping cert rotation! Change-Id: I831b0b48d719397c14d80f8ebcbad997c50c7795
2020-04-14 04:27:49 -07:00 · 2020-04-14 04:27:49 -07:00 · 96a4482dff
parent c9e1551550
commit 96a4482dff
2 changed files with 12 additions and 1 deletions
--- a/octavia/amphorae/backends/agent/api_server/certificate_update.py
+++ b/octavia/amphorae/backends/agent/api_server/certificate_update.py
@ -30,7 +30,7 @@ def upload_server_cert():
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    # mode 00600
    mode = stat.S_IRUSR | stat.S_IWUSR
-    with os.fdopen(os.open(file_path, flags, mode), 'w') as crt_file:
+    with os.fdopen(os.open(file_path, flags, mode), 'wb') as crt_file:
        b = stream.read(BUFFER)
        while b:
            crt_file.write(b)
--- a/releasenotes/notes/amp-agent-py3-cert-upload-binary-74e0ab35c5a85c68.yaml
+++ b/releasenotes/notes/amp-agent-py3-cert-upload-binary-74e0ab35c5a85c68.yaml
@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    Any amphorae running a py3 based image must be recycled or else they will
+    eventually fail on certificate rotation.
+fixes:
+  - |
+    Resolved broken certificate upload on py3 based amphora images. On a
+    housekeeping certificate rotation event, the amphora would clear out its
+    server certificate and return a 500, putting the amphora in ERROR status
+    and breaking further communication. See upgrade notes.