Vnc ca/key/cert must persist in case container restarts

In rare situations when libvirt crashes it restarts in new container, but since mv was used originally ca/key/cert are not in /tmp and this resulits in them being absent by the final destination /etc/pki/libvirt-vnc. Switching to cp solves the problem. Since /tmp is a local for the pod volume there must be no concerns related to keeping those files in that directory. Change-Id: Idf3cc886b5b627e4a7c21e5158ccd2956efbd437 Signed-off-by: Alexey Odinokov <aodinokov@mirantis.com>
2026-02-27 13:00:48 -06:00
parent 0c5d4e31f4
commit 85ff3f0cc9
2 changed files with 10 additions and 3 deletions
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@@ -19,9 +19,9 @@ set -ex
 # NOTE(mnaser): This will move the VNC certificates into the expected location.
 if [ -f /tmp/vnc.crt ]; then
  mkdir -p /etc/pki/libvirt-vnc
-  mv /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem
-  mv /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem
-  mv /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem
+  cp /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem
+  cp /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem
+  cp /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem
 fi

 if [ -n "$(cat /proc/*/comm 2>/dev/null | grep -w libvirtd)" ]; then
--- a/releasenotes/notes/libvirt-f81d6fc0b0094209.yaml
+++ b/releasenotes/notes/libvirt-f81d6fc0b0094209.yaml
@@ -0,0 +1,7 @@
+---
+libvirt:
+  - |
+    Keeping vnc ca/key/cert in /tmp so in case container (not pod) restarts
+    it could copy them one again to the proper place. This allows to handle
+    libvirt crashes properly without restarting libvirt pods.
+...