Merge "[train-only] Fix certmonger vnc key file data race" into stable/train
This commit is contained in:
commit
700ded7530
|
@ -70,7 +70,17 @@ define tripleo::certmonger::libvirt_vnc (
|
|||
|
||||
$postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${notify_service_real}")
|
||||
|
||||
certmonger_certificate { $name :
|
||||
file { $service_key :
|
||||
group => 'qemu',
|
||||
mode => '0640',
|
||||
audit => [content],
|
||||
}
|
||||
~> exec { "Purge ${service_certificate}" :
|
||||
command => "rm -f ${service_certificate}",
|
||||
refreshonly => true,
|
||||
path => '/usr/bin:/bin',
|
||||
}
|
||||
-> certmonger_certificate { $name :
|
||||
ensure => 'present',
|
||||
certfile => $service_certificate,
|
||||
keyfile => $service_key,
|
||||
|
@ -108,16 +118,27 @@ define tripleo::certmonger::libvirt_vnc (
|
|||
~> Service<| title == $notify_service_real |>
|
||||
}
|
||||
|
||||
file { $service_certificate :
|
||||
require => Certmonger_certificate[$name],
|
||||
mode => '0644'
|
||||
exec { $service_certificate :
|
||||
require => Certmonger_certificate[$name],
|
||||
command => "test -f ${service_certificate}",
|
||||
unless => "test -f ${service_certificate}",
|
||||
tries => 60,
|
||||
try_sleep => 1,
|
||||
timeout => 60,
|
||||
path => '/usr/bin:/bin',
|
||||
}
|
||||
file { $service_key :
|
||||
group => 'qemu',
|
||||
mode => '0640',
|
||||
audit => [content],
|
||||
-> exec { "Change permissions and owner of ${service_key}":
|
||||
command => "chgrp qemu ${service_key} && chmod 0640 ${service_key}",
|
||||
refreshonly => true,
|
||||
path => '/usr/bin:/bin',
|
||||
}
|
||||
|
||||
File[$service_certificate] ~> Service<| title == $notify_service_real |>
|
||||
file { $service_certificate :
|
||||
group => 'qemu',
|
||||
mode => '0644'
|
||||
}
|
||||
|
||||
Certmonger_certificate[$name] ~> Exec["Change permissions and owner of ${service_key}"]
|
||||
Exec["Purge ${service_certificate}"] -> File[$service_certificate] ~> Service<| title == $notify_service_real |>
|
||||
File[$service_key] ~> Service<| title == $notify_service_real |>
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue