Fix intermittent gate failure on key file generation

Closes-Bug: #1733268
Change-Id: Ia109e5e6711cb2802050b560cc8e20210bfee8b5
This commit is contained in:
Anusha Ramineni 2017-11-20 08:38:25 +05:30
parent 0c720cc102
commit d187dd6ca4
3 changed files with 6 additions and 7 deletions

View File

@ -46,6 +46,7 @@ def read_key_from_file():
def create_new_key_file():
LOG.debug("Generate new key file")
dir_path = os.path.dirname(_get_key_file_path())
if not os.path.isdir(dir_path):
os.makedirs(dir_path, mode=0o700) # important: restrictive permissions

View File

@ -168,6 +168,7 @@ def main():
# initialize encryption key if datasource services enabled in this instance
if cfg.CONF.datasources:
encryption.initialize_key()
LOG.debug("Initialized encryption key on datasource node")
# Construct requested deployment
servers = launch_servers(cfg.CONF.node_id, cfg.CONF.api,

View File

@ -217,13 +217,9 @@ function start_congress_service_and_check {
fi
echo "Waiting for Congress to start..."
# FIXME(arosen): using curl right now to check if congress is alive once we implement version use check below.
if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy $CONGRESS_HOST http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
die $LINENO "Congress did not start"
fi
# if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
# die $LINENO "Congress did not start"
# fi
# Expose encryption key to tempest test launched replica instances
# WARNING: this setting deploys an insecure setup meant for gate-test only
@ -236,8 +232,9 @@ function start_congress_service_and_check {
# If needed in future, this script can read custom key location from
# $CONGRESS_CONF and adjust accordingly
if [ "$CONGRESS_EXPOSE_ENCRYPTION_KEY_FOR_TEST" == "True" ]; then
if [ ! -f /etc/congress/keys/aes_key ]; then
die $LINENO "Unexpected error where Congress responds before key files are created."
# Datasource service starts later than api service, so wait until datasource service fully started.
if ! timeout $SERVICE_TIMEOUT sh -c "while [ ! -f /etc/congress/keys/aes_key ]; do sleep 1; done"; then
die $LINENO "Unexpected error in key file creation"
fi
chmod a+rx /etc/congress/keys
chmod a+r /etc/congress/keys/aes_key