From 9b974df7a2a20741b64b72e8980bc47c13b6166c Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Tue, 20 Sep 2016 15:52:18 -0400
Subject: certmonger: improve orchestration for puppet4

The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds file to be created, which is created when certmonger is started, not when package is installed. This patch change the exec dependency to run it only when service is started. Also, since the service create the file, let's relax the Exec a little bit by allowing to retry 5 times after 1s break in case the Exec fails, for example if service takes more than 5 seconds to create this file. It will avoid us some race condition in the deployment.

Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
---
 manifests/certmonger/ca/local.pp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'manifests/certmonger')
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp
index ea08dec..b7b7328 100644
--- a/manifests/certmonger/ca/local.pp
+++ b/manifests/certmonger/ca/local.pp
@@ -29,9 +29,11 @@ class tripleo::certmonger::ca::local(
 $extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''"
 $trust_ca_cmd = 'update-ca-trust extract'
 exec { 'extract-and-trust-ca':
- command => "${extract_cmd} && ${trust_ca_cmd}",
- path => '/usr/bin',
- creates => $ca_pem,
- require => Package['certmonger'],
+ command => "${extract_cmd} && ${trust_ca_cmd}",
+ path => '/usr/bin',
+ creates => $ca_pem,
+ tries => 5,
+ try_sleep => 1,
+ require => Service['certmonger'],
 }
 }
-- cgit 1.2.3-korg
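Review bot: The `creates => $ca_pem` guard still covers the whole `${extract_cmd} && ${trust_ca_cmd}` chain, so the new `tries`/`try_sleep` retries only help within a single Puppet run. If openssl leaves `$ca_pem` on disk (possibly empty or partial when the creds file is read while certmonger is still writing it; worth confirming) and the run then fails, or if `update-ca-trust extract` fails after a good extract, every later run sees the file and skips the exec, so the local CA is silently never added to the trust store. Consider guarding on the content rather than the file's existence, e.g. replacing `creates` with `unless => "openssl x509 -in ${ca_pem} -noout"`, and running `update-ca-trust extract` from its own exec so a trust-store failure is retried and reported separately. The class body starts above the hunk, so where `$ca_pkcs12` and `$ca_pem` are set is not visible here.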