Extract local CA if it expired
This adds a conditional that extracts certmonger's local CA if the certificate doesn't exist or if it has expired already. This adds the ability for the deployer to fix the undercloud installation with the undercloud install command itself if expiration of the CA cert happens. Change-Id: I61577be2434d7321dd462902d386c6911c2c4f57 Closes-Bug: #1753948
This commit is contained in:
parent
50f2bf278c
commit
a4ae09d169
|
@ -31,7 +31,7 @@ class tripleo::certmonger::ca::local(
|
|||
exec { 'extract-and-trust-ca':
|
||||
command => "${extract_cmd} && ${trust_ca_cmd}",
|
||||
path => '/usr/bin',
|
||||
creates => $ca_pem,
|
||||
unless => "test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}",
|
||||
tries => 5,
|
||||
try_sleep => 1,
|
||||
}
|
||||
|
|
|
@ -34,7 +34,7 @@ describe 'tripleo::certmonger::ca::local' do
|
|||
|
||||
it 'should extract CA cert' do
|
||||
is_expected.to contain_exec('extract-and-trust-ca').with(
|
||||
:creates => params[:ca_pem],
|
||||
:unless => "test -e #{params[:ca_pem]} && openssl x509 -checkend 0 -noout -in #{params[:ca_pem]}",
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue