summaryrefslogtreecommitdiffstats
path: root/manifests/certmonger
diff options
context:
space:
mode:
authorEmilien Macchi <emilien@redhat.com>2016-09-20 15:52:18 -0400
committerEmilien Macchi <emilien@redhat.com>2016-09-20 16:17:43 -0400
commit9b974df7a2a20741b64b72e8980bc47c13b6166c (patch)
tree0464cf063b303f367952ef4d93b5c39b6fc24a52 /manifests/certmonger
parent6a9429eeda549f85fdb7e3748188046d702852fb (diff)
certmonger: improve orchestration for puppet4
The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds file to be created, which is created when certmonger is started, not when package is installed. This patch change the exec dependency to run it only when service is started. Also, since the service create the file, let's relax the Exec a little bit by allowing to retry 5 times after 1s break in case the Exec fails, for example if service takes more than 5 seconds to create this file. It will avoid us some race condition in the deployment. Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
Diffstat (limited to 'manifests/certmonger')
-rw-r--r--manifests/certmonger/ca/local.pp10
1 files changed, 6 insertions, 4 deletions
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp
index ea08dec..b7b7328 100644
--- a/manifests/certmonger/ca/local.pp
+++ b/manifests/certmonger/ca/local.pp
@@ -29,9 +29,11 @@ class tripleo::certmonger::ca::local(
$extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''"
$trust_ca_cmd = 'update-ca-trust extract'
exec { 'extract-and-trust-ca':
- command => "${extract_cmd} && ${trust_ca_cmd}",
- path => '/usr/bin',
- creates => $ca_pem,
- require => Package['certmonger'],
+ command => "${extract_cmd} && ${trust_ca_cmd}",
+ path => '/usr/bin',
+ creates => $ca_pem,
+ tries => 5,
+ try_sleep => 1,
+ require => Service['certmonger'],
}
}