Disable openldap CA cert installation for upgrade

In 66-create-open-ldap-certificate.py, it will call "system certificate-install -m ssl_ca" to install the openldap CA cert. Since sysinv is blocked waiting for the script to return, it won't process the system certificate install call, causing the call eventually timeout and the script fail. This change disabled openldap CA cert installation in the upgrade script as a temporary fix. A proper solution will be followed. Test Plan: PASS: DX system upgrade at least to the point of upgrade activation. Story: 2009834 Task: 46455 Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/859669 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I3eee375936b13f0f666bfd9bcf964e35a088834b
2022-09-28 13:34:30 -04:00 · 2022-09-28 13:34:30 -04:00 · 6a704b12b8
parent a8cc17e12b
commit 6a704b12b8
1 changed files with 3 additions and 1 deletions
--- a/controllerconfig/controllerconfig/upgrade-scripts/66-create-open-ldap-certificate.py
+++ b/controllerconfig/controllerconfig/upgrade-scripts/66-create-open-ldap-certificate.py
@ -41,7 +41,9 @@ def create_openldap_certificate():
    """
    playbooks_root = '/usr/share/ansible/stx-ansible/playbooks'
    upgrade_script = 'create-openldap-certificate-for-upgrade.yml'
-    cmd = 'ansible-playbook {}/{}'.format(playbooks_root, upgrade_script)
+    # TODO(aning): remove the extra-vars option
+    cmd = 'ansible-playbook -e install_ca_cert=no {}/{}'.format(
+        playbooks_root, upgrade_script)
    sub = subprocess.Popen(cmd, shell=True,
                           stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout, stderr = sub.communicate()