From d44a8080cf44b813b19ac71a63915c874f381dab Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 9 Sep 2021 10:00:42 -0400
Subject: [PATCH] Restart sysinv API after k8s root CA update

During k8s root CA certificate update, the certificates in admin.conf
have been updated. Since both sysinv conductor and api cache k8s client
that get credentials from admin.conf, both of they need to restart.
(currently only conductor is restarted)

Closes-Bug: 1943080
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ic92d6e95980b088108b175d0cafa905fda2ffb09
---
 .../src/modules/platform/manifests/kubernetes.pp             | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index 5ffef077..d7dc7b56 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -943,9 +943,10 @@ class platform::kubernetes::master::rootca::trustnewca::runtime
     environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' ],
     command     => "kubectl config set-cluster kubernetes --certificate-authority ${rootca_certfile} --embed-certs",
   }
-  # Restart sysinv-conductor since it uses admin.conf
+  # Restart sysinv-conductor and sysinv-inv since they cache clients with
+  # credentials from admin.conf
   -> exec { 'restart_sysinv_conductor':
-    command => 'sm-restart-safe service sysinv-conductor',
+    command => 'sm-restart service sysinv-conductor',
   }
   # Restart cert-mon since it uses admin.conf
   -> exec { 'restart_cert_mon':