Damien Ciabrini f6c88d0146 HA: inject public certificates without blocking container
Do not inject public certificates in pacemaker bundles by means
of "podman cp", as this pauses the container for a short amount
of time and can make pacemaker operation fail during that time
window and impact cluster for no reason.

Keep "podman cp" for non-HA containers, as the freeze is short
and doesn't seem to impact podman monitoring anyway.

The new certificate injection only works for podman 1.9+, lower
version won't overwrite the existing certificate.

Adapted from Id7308f028f33716be5e3df6699c3f2c12e33e344, as the
same behaviour is implemented in puppet-tripleo before wallaby.

Change-Id: I14be16052677bf3426a88ec4b5299f9502007472
Related-Bug: #1917868
2021-03-31 20:06:48 +02:00
..