Merge "Disable cert-mon audit for secondary subclouds"

2023-10-30 18:00:40 +00:00 · 2023-10-30 18:00:40 +00:00 · e9422e8bd7
parent 83607e5471 c67ab1eddd
commit e9422e8bd7
1 changed files with 14 additions and 0 deletions
--- a/sysinv/sysinv/sysinv/sysinv/cert_mon/certificate_mon_manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_mon/certificate_mon_manager.py
@ -33,6 +33,13 @@ from sysinv.common import utils as cutils
 LOG = log.getLogger(__name__)
 TASK_NAME_PAUSE_AUDIT = 'pause'

+INVALID_SUBCLOUD_AUDIT_DEPLOY_STATES = [
+    # Secondary subclouds should not be audited as they are expected
+    # to be managed by a peer system controller (geo-redundancy feat.)
+    'secondary',
+    'secondary-failed'
+]
+
 cert_mon_opts = [
    cfg.IntOpt('audit_interval',
               default=86400,  # 24 hours
@ -212,6 +219,13 @@ class CertificateMonManager(periodic_task.PeriodicTasks):
            """Ensure we always have a valid token"""
            return self.dc_token_cache.get_token()

+        # Abort audit if subcloud is in a valid deploy status
+        subcloud = utils.get_subcloud(my_dc_token(), subcloud_name)
+        if subcloud['deploy-status'] in INVALID_SUBCLOUD_AUDIT_DEPLOY_STATES:
+            LOG.info(f"Subcloud {subcloud_name} is in an invalid deploy status:"
+                     f" {subcloud['deploy-status']}, aborting audit")
+            return
+
        subcloud_sysinv_url = None
        try:
            subcloud_sysinv_url = utils.dc_get_subcloud_sysinv_url(