Workaround for /etc/pki/CA/certs/vnc.crt not present

When doing an upgrade to TLS Everywhere, vnc.crt is not always created
by the time the getcert command exits (even though it is run with the
-w flag). Puppet then ignores the instruction to change the file
permissions, resulting in an error at a later stage, when podman
tries to mount the file onto a container.

Change-Id: I0e0009d57cd1c90f8ae28a2cfc9337ecf8c75112
Grzegorz Grasza 2019-10-07 11:32:52 +02:00 committed by Alex Schultz
parent d9a94dd694
commit 2c241e3934

@ -81,8 +81,21 @@ define tripleo::certmonger::libvirt_vnc (
}
if $cacertfile {
# Sometimes certmonger returns before creating the cacert file. This has
# been reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1759281
# Until this is fixed, add this workaround.
exec { $cacertfile :
require => Certmonger_certificate[$name],
command => "test -f ${cacertfile}",
unless => "test -f ${cacertfile}",
tries => 60,
try_sleep => 1,
timeout => 60,
path => '/usr/bin:/bin',
}
file { $cacertfile :
require => Certmonger_certificate[$name],
require => Exec[$cacertfile],
mode => '0644'
}
~> Service<| title == $notify_service_real |>
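Review bot: the `command => "test -f ${cacertfile}"` check in the new exec only proves that the file exists, so a cacert file that has been created but not yet written would still pass the wait. Consider `test -s ${cacertfile}` for both `command` and `unless`, so that a zero-length file keeps the retry loop going. Two smaller points: `timeout => 60` applies to each of the 60 tries rather than to the whole wait, so a much lower value is enough for a `test` call, and `mode => '0644'` is missing its trailing comma. The comment already links the bugzilla report; a short note there saying the exec should be dropped once that bug is fixed would make the cleanup easier to find later.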