certmonger: improve orchestration for puppet4

The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds file to be created, which is created when certmonger is started, not when package is installed. This patch change the exec dependency to run it only when service is started. Also, since the service create the file, let's relax the Exec a little bit by allowing to retry 5 times after 1s break in case the Exec fails, for example if service takes more than 5 seconds to create this file. It will avoid us some race condition in the deployment. Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
2016-09-20 15:52:18 -04:00 · 2016-09-20 15:52:18 -04:00 · 9b974df7a2
commit 9b974df7a2
parent 6a9429eeda
1 changed files with 6 additions and 4 deletions
--- a/manifests/certmonger/ca/local.pp
+++ b/manifests/certmonger/ca/local.pp
@ -29,9 +29,11 @@ class tripleo::certmonger::ca::local(
  $extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''"
  $trust_ca_cmd = 'update-ca-trust extract'
  exec { 'extract-and-trust-ca':
-    command => "${extract_cmd} && ${trust_ca_cmd}",
-    path    => '/usr/bin',
-    creates => $ca_pem,
-    require => Package['certmonger'],
+    command   => "${extract_cmd} && ${trust_ca_cmd}",
+    path      => '/usr/bin',
+    creates   => $ca_pem,
+    tries     => 5,
+    try_sleep => 1,
+    require   => Service['certmonger'],
  }
 }