Fix timeout waiting for CA cert install during ansible replay

During ansible bootstrap replay, the ssl_ca_complete_flag file is removed. It expects puppet platform::config::runtime manifest apply during system CA certificate install to re-generate it. So this commit updated conductor manager to run that puppet manifest even if the CA cert has already installed so that the ssl_ca_complete_flag file is created and makes ansible replay to continue. Change-Id: Ic9051fba9afe5d5a189e2be8c8c2960bdb0d20a4 Closes-Bug: 1868585 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-03-23 16:26:21 -04:00 · 2020-03-23 16:26:21 -04:00 · d119336b3a
parent 3268bfb34b
commit d119336b3a
1 changed files with 14 additions and 13 deletions
--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@ -10284,7 +10284,8 @@ class ConductorManager(service.PeriodicService):
                        and key.get('signature') in certs_file:
                    key_list.remove(key)

-            # Don't do anything if there are no new certs to install
+            # Save certs in files and cat them into ca-cert.pem to apply to the
+            # system.
            if key_list:
                # Save each cert in a separate file with signature as its name
                try:
@ -10308,18 +10309,18 @@ class ConductorManager(service.PeriodicService):
                # system CA certs.
                self._consolidate_cert_files()

-                personalities = [constants.CONTROLLER,
-                                 constants.WORKER,
-                                 constants.STORAGE]
-                config_uuid = self._config_update_hosts(context, personalities)
-                config_dict = {
-                    "personalities": personalities,
-                    "classes": ['platform::config::runtime']
-                }
-                self._config_apply_runtime_manifest(context,
-                                                    config_uuid,
-                                                    config_dict,
-                                                    force=True)
+            personalities = [constants.CONTROLLER,
+                             constants.WORKER,
+                             constants.STORAGE]
+            config_uuid = self._config_update_hosts(context, personalities)
+            config_dict = {
+                "personalities": personalities,
+                "classes": ['platform::config::runtime']
+            }
+            self._config_apply_runtime_manifest(context,
+                                                config_uuid,
+                                                config_dict,
+                                                force=True)
        elif mode == constants.CERT_MODE_DOCKER_REGISTRY:
            LOG.info("Docker registry certificate install")
            # docker registry requires a PKCS1 key for the token server