Merge "Always update the local certmonger ca cert"

2021-04-08 11:27:15 +00:00 · 2021-04-08 11:27:15 +00:00 · 12ef7e9632
parent c76182cb3a a65df66fb6
commit 12ef7e9632
1 changed files with 3 additions and 5 deletions
--- a/deployment/haproxy/haproxy-public-tls-certmonger.yaml
+++ b/deployment/haproxy/haproxy-public-tls-certmonger.yaml
@ -95,11 +95,9 @@ outputs:
              shell: |
                set -e
                ca_pem='/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
-                if ! { test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}; }; then
-                    openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
-                    chmod 0644 ${ca_pem}
-                    update-ca-trust extract
-                fi
+                openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
+                chmod 0644 ${ca_pem}
+                update-ca-trust extract
                test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}
              retries: 5
              delay: 1