diff options
author | Emilien Macchi <emilien@redhat.com> | 2016-09-20 15:52:18 -0400 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2016-09-20 16:17:43 -0400 |
commit | 9b974df7a2a20741b64b72e8980bc47c13b6166c (patch) | |
tree | 0464cf063b303f367952ef4d93b5c39b6fc24a52 /manifests | |
parent | 6a9429eeda549f85fdb7e3748188046d702852fb (diff) |
certmonger: improve orchestration for puppet4
The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds
file to be created, which is created when certmonger is started, not
when package is installed.
This patch change the exec dependency to run it only when service is
started.
Also, since the service create the file, let's relax the Exec a little
bit by allowing to retry 5 times after 1s break in case the Exec fails,
for example if service takes more than 5 seconds to create this file.
It will avoid us some race condition in the deployment.
Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/certmonger/ca/local.pp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp index ea08dec..b7b7328 100644 --- a/manifests/certmonger/ca/local.pp +++ b/manifests/certmonger/ca/local.pp @@ -29,9 +29,11 @@ class tripleo::certmonger::ca::local( $extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''" $trust_ca_cmd = 'update-ca-trust extract' exec { 'extract-and-trust-ca': - command => "${extract_cmd} && ${trust_ca_cmd}", - path => '/usr/bin', - creates => $ca_pem, - require => Package['certmonger'], + command => "${extract_cmd} && ${trust_ca_cmd}", + path => '/usr/bin', + creates => $ca_pem, + tries => 5, + try_sleep => 1, + require => Service['certmonger'], } } |