Fix duplex system controller-1 fail to boot after unlock

It is due to controller-1 doesn't have /opt/platform/config folder. And cause puppet failure due to using non-exist file as source. Restrict the code for worker node only, since controller node already has ca cert in the ssl folder. Test: Pass simplex/duplex/multi node deployment with vm created. Closes-Bug: 1860529 Change-Id: I808ee15e5c78ebead114219d0ec428fb45cc9128 Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-01-23 02:45:31 +08:00
parent f028178b74
commit c94fa4a017
1 changed files with 21 additions and 17 deletions
--- a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
@@ -271,23 +271,27 @@ class platform::dockerdistribution::compute
    content => template('platform/insecuredockerregistry.conf.erb'),
  }

-  # containerd requires ca file to access local secure registry
-  # For self signed cert, ca file is itself.
-  # cert_file and key_file are not needed when TLS mutual authentication is unused.
-  $shared_dir = $::platform::params::config_path
-  $certs_dir = '/etc/ssl/private'
-  file { $certs_dir:
-    ensure => 'directory',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0700',
-  }
-  -> file { "${certs_dir}/registry-cert.crt":
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0400',
-    source => "${shared_dir}/registry-cert.crt",
+  if $::personality != 'controller' {
+    # it is for worker node only, since controller node already has ca cert in ssl folder.
+
+    # containerd requires ca file to access local secure registry
+    # For self signed cert, ca file is itself.
+    # cert_file and key_file are not needed when TLS mutual authentication is unused.
+    $shared_dir = $::platform::params::config_path
+    $certs_dir = '/etc/ssl/private'
+    file { $certs_dir:
+      ensure => 'directory',
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0700',
+    }
+    -> file { "${certs_dir}/registry-cert.crt":
+      ensure => 'file',
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0400',
+      source => "${shared_dir}/registry-cert.crt",
+    }
  }
 }