Merge "Support adding a trusted CA certificate in ansible"

2019-06-20 20:27:59 +00:00 · 2019-06-20 20:27:59 +00:00 · 70609a3d55
parent 1d1c8f6df7 023c011063
commit 70609a3d55
2 changed files with 19 additions and 2 deletions
--- a/puppet-manifests/src/modules/platform/manifests/config.pp
+++ b/puppet-manifests/src/modules/platform/manifests/config.pp
@ -251,6 +251,13 @@ class platform::config::certs::ssl_ca
  inherits ::platform::config::certs::params {

  $ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca-cert.pem'
+  if str2bool($::is_initial_config) {
+    $docker_restart_cmd = 'systemctl restart docker'
+  }
+  else {
+    $docker_restart_cmd = 'pmon-restart dockerd'
+  }
+
  if ! empty($ssl_ca_cert) {
    file { 'create-ssl-ca-cert':
      ensure  => present,
@ -273,10 +280,19 @@ class platform::config::certs::ssl_ca
    refreshonly => true
  }
  -> exec { 'restart docker':
-    command     => 'pmon-restart dockerd',
+    command     => $docker_restart_cmd,
    subscribe   => File[$ssl_ca_file],
    refreshonly => true
  }
+  if str2bool($::is_controller_active) {
+    Exec['restart docker']
+    -> file { '/etc/platform/.ssl_ca_complete':
+      ensure => present,
+      owner  => root,
+      group  => root,
+      mode   => '0644',
+    }
+  }
 }


--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@ -10292,7 +10292,8 @@ class ConductorManager(service.PeriodicService):
            }
            self._config_apply_runtime_manifest(context,
                                                config_uuid,
-                                                config_dict)
+                                                config_dict,
+                                                force=True)
        elif mode == constants.CERT_MODE_DOCKER_REGISTRY:
            LOG.info("Docker registry certificate install")
            # docker registry requires a PKCS1 key for the token server