diff --git a/puppet-manifests/src/modules/platform/manifests/config.pp b/puppet-manifests/src/modules/platform/manifests/config.pp index 90200f3a4c..7c00ae4da1 100644 --- a/puppet-manifests/src/modules/platform/manifests/config.pp +++ b/puppet-manifests/src/modules/platform/manifests/config.pp @@ -251,6 +251,13 @@ class platform::config::certs::ssl_ca inherits ::platform::config::certs::params { $ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca-cert.pem' + if str2bool($::is_initial_config) { + $docker_restart_cmd = 'systemctl restart docker' + } + else { + $docker_restart_cmd = 'pmon-restart dockerd' + } + if ! empty($ssl_ca_cert) { file { 'create-ssl-ca-cert': ensure => present, @@ -273,10 +280,19 @@ class platform::config::certs::ssl_ca refreshonly => true } -> exec { 'restart docker': - command => 'pmon-restart dockerd', + command => $docker_restart_cmd, subscribe => File[$ssl_ca_file], refreshonly => true } + if str2bool($::is_controller_active) { + Exec['restart docker'] + -> file { '/etc/platform/.ssl_ca_complete': + ensure => present, + owner => root, + group => root, + mode => '0644', + } + } } diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 232a38ac59..6a555c8e79 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -10292,7 +10292,8 @@ class ConductorManager(service.PeriodicService): } self._config_apply_runtime_manifest(context, config_uuid, - config_dict) + config_dict, + force=True) elif mode == constants.CERT_MODE_DOCKER_REGISTRY: LOG.info("Docker registry certificate install") # docker registry requires a PKCS1 key for the token server