openstack/puppet-tripleo
Code Issues Proposed changes

Workaround for /etc/pki/CA/certs/vnc.crt not present

Browse Source 
When doing an upgrade to TLS Everywhere, vnc.crt is not always created
by the time the getcert command exits (even though it is run with the
-w flag). Puppet then ignores the instruction to change the file
permissions, resulting in an error at a later stage, when podman
tries to mount the file onto a container.

Change-Id: I0e0009d57cd1c90f8ae28a2cfc9337ecf8c75112
This commit is contained in:
Grzegorz Grasza 2019-10-07 11:32:52 +02:00 committed by Alex Schultz
parent d9a94dd694
commit 2c241e3934
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
manifests/certmonger/libvirt_vnc.pp
View File

@ -81,8 +81,21 @@ define tripleo::certmonger::libvirt_vnc (
} }
if $cacertfile { if $cacertfile {
# Sometimes certmonger returns before creating the cacert file. This has
# been reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1759281
# Until this is fixed, add this workaround.
exec { $cacertfile :
require => Certmonger_certificate[$name],
command => "test -f ${cacertfile}",
unless => "test -f ${cacertfile}",
tries => 60,
try_sleep => 1,
timeout => 60,
path => '/usr/bin:/bin',
}
file { $cacertfile : file { $cacertfile :
require => Certmonger_certificate[$name], require => Exec[$cacertfile],
mode => '0644' mode => '0644'
} }
~> Service<| title == $notify_service_real |> ~> Service<| title == $notify_service_real |>