Block addition of ssl_ca certs with same subject

Ansible playbook will fail in a re-run when it try to install the ssl_ca certificate for the second time, this change will prevent the fail by checking for existing ssl_ca certificates and deleting them before installing. Test Plan: PASS: Check re-run of the bootstrap.yml playbook multiple times. Closes-bug: 1981100 Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com> Change-Id: Ic87d216bc0b93af13b57faf38cedeba050e5c631
2022-08-02 11:57:31 -03:00 · 2022-08-02 11:57:31 -03:00 · 6130e999d5
commit 6130e999d5
parent 06b7ded118
1 changed files with 16 additions and 1 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/persist-config/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/persist-config/tasks/main.yml
@ -316,12 +316,27 @@
  when: use_docker_proxy


-# Install certificate if SSL CA certifcate is configured
+# Install certificate if SSL CA certificate is configured
 - block:
  - name: Set source for copying certificate
    set_fact:
      ssl_ca_source: "{{ mode == 'restore' }}"

+  - block:
+    - name: Check for existing ssl_ca certificates
+      shell: |
+        source /etc/platform/openrc
+        system certificate-list | grep ssl_ca | awk '{ print $2 }'
+      register: existing_ssl_ca_certificates_uuid
+
+    - name: Delete existing ssl_ca certificates
+      shell: source /etc/platform/openrc; system certificate-uninstall -m ssl_ca {{ item }}
+      with_items:
+      - "{{ existing_ssl_ca_certificates_uuid.stdout_lines }}"
+      when: existing_ssl_ca_certificates_uuid.stdout_lines | length > 0
+
+    when: replayed and mode != 'restore'
+
  - name: Copy ssl_ca certificate
    copy:
      src: "{{ ssl_ca_cert }}"