From 85ff3f0cc90b6f63d94bf26b812838b79746d4ec Mon Sep 17 00:00:00 2001 From: Alexey Odinokov Date: Fri, 27 Feb 2026 13:00:48 -0600 Subject: [PATCH] Vnc ca/key/cert must persist in case container restarts In rare situations when libvirt crashes it restarts in new container, but since mv was used originally ca/key/cert are not in /tmp and this resulits in them being absent by the final destination /etc/pki/libvirt-vnc. Switching to cp solves the problem. Since /tmp is a local for the pod volume there must be no concerns related to keeping those files in that directory. Change-Id: Idf3cc886b5b627e4a7c21e5158ccd2956efbd437 Signed-off-by: Alexey Odinokov --- libvirt/templates/bin/_libvirt.sh.tpl | 6 +++--- releasenotes/notes/libvirt-f81d6fc0b0094209.yaml | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/libvirt-f81d6fc0b0094209.yaml diff --git a/libvirt/templates/bin/_libvirt.sh.tpl b/libvirt/templates/bin/_libvirt.sh.tpl index 81813f4f5b..56daa56e19 100644 --- a/libvirt/templates/bin/_libvirt.sh.tpl +++ b/libvirt/templates/bin/_libvirt.sh.tpl @@ -19,9 +19,9 @@ set -ex # NOTE(mnaser): This will move the VNC certificates into the expected location. if [ -f /tmp/vnc.crt ]; then mkdir -p /etc/pki/libvirt-vnc - mv /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem - mv /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem - mv /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem + cp /tmp/vnc.key /etc/pki/libvirt-vnc/server-key.pem + cp /tmp/vnc.crt /etc/pki/libvirt-vnc/server-cert.pem + cp /tmp/vnc-ca.crt /etc/pki/libvirt-vnc/ca-cert.pem fi if [ -n "$(cat /proc/*/comm 2>/dev/null | grep -w libvirtd)" ]; then diff --git a/releasenotes/notes/libvirt-f81d6fc0b0094209.yaml b/releasenotes/notes/libvirt-f81d6fc0b0094209.yaml new file mode 100644 index 0000000000..568481f539 --- /dev/null +++ b/releasenotes/notes/libvirt-f81d6fc0b0094209.yaml @@ -0,0 +1,7 @@ +--- +libvirt: + - | + Keeping vnc ca/key/cert in /tmp so in case container (not pod) restarts + it could copy them one again to the proper place. This allows to handle + libvirt crashes properly without restarting libvirt pods. +...