Fix a potential race condition with certs-ramfs
There is a potential race condition in the start order for the
amphora-agent service and the certs-ramfs service.
This patch configures an explict ordering for the services.
Change-Id: I8e449b19af72d72f6effd52e0a2debb5754a19b3
Story: 2006823
Task: 37396
(cherry picked from commit 1900ee71a5
)
This commit is contained in:
parent
96e5962e05
commit
c8e50b11f9
|
@ -1,6 +1,6 @@
|
||||||
description "Start up the Octavia Amphora Agent"
|
description "Start up the Octavia Amphora Agent"
|
||||||
|
|
||||||
start on runlevel [2345]
|
start on started certs-ramfs
|
||||||
stop on runlevel [!2345]
|
stop on runlevel [!2345]
|
||||||
|
|
||||||
respawn
|
respawn
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
### BEGIN INIT INFO
|
### BEGIN INIT INFO
|
||||||
# Provides: amphora-agent
|
# Provides: amphora-agent
|
||||||
# Required-Start: $remote_fs $syslog $network
|
# Required-Start: $remote_fs $syslog $network certs-ramfs
|
||||||
# Required-Stop: $remote_fs $syslog $network
|
# Required-Stop: $remote_fs $syslog $network
|
||||||
# Default-Start: 2 3 4 5
|
# Default-Start: 2 3 4 5
|
||||||
# Default-Stop: 0 1 6
|
# Default-Stop: 0 1 6
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=OpenStack Octavia Amphora Agent
|
Description=OpenStack Octavia Amphora Agent
|
||||||
After=network.target syslog.service
|
After=network.target syslog.service certs-ramfs.service
|
||||||
|
Requires=certs-ramfs.service
|
||||||
Wants=syslog.service
|
Wants=syslog.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Creates an encrypted ramfs for Octavia certs
|
Description=Creates an encrypted ramfs for Octavia certs
|
||||||
|
Before=amphora-agent.service
|
||||||
After=cloud-config.target
|
After=cloud-config.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
A new amphora image is required to fix the potential certs-ramfs race
|
||||||
|
condition.
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
A race condition between the certs-ramfs and the amphora agent may lead
|
||||||
|
to tenant TLS content being stored on the amphora filesystem instead of
|
||||||
|
in the encrypted RAM filesystem.
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixed a potential race condition with the certs-ramfs and amphora agent
|
||||||
|
services.
|
Loading…
Reference in New Issue