Fix intermittent gate failure on key file generation
Closes-Bug: #1733268 Change-Id: Ia109e5e6711cb2802050b560cc8e20210bfee8b5
This commit is contained in:
parent
0c720cc102
commit
d187dd6ca4
|
@ -46,6 +46,7 @@ def read_key_from_file():
|
|||
|
||||
|
||||
def create_new_key_file():
|
||||
LOG.debug("Generate new key file")
|
||||
dir_path = os.path.dirname(_get_key_file_path())
|
||||
if not os.path.isdir(dir_path):
|
||||
os.makedirs(dir_path, mode=0o700) # important: restrictive permissions
|
||||
|
|
|
@ -168,6 +168,7 @@ def main():
|
|||
# initialize encryption key if datasource services enabled in this instance
|
||||
if cfg.CONF.datasources:
|
||||
encryption.initialize_key()
|
||||
LOG.debug("Initialized encryption key on datasource node")
|
||||
|
||||
# Construct requested deployment
|
||||
servers = launch_servers(cfg.CONF.node_id, cfg.CONF.api,
|
||||
|
|
|
@ -217,13 +217,9 @@ function start_congress_service_and_check {
|
|||
fi
|
||||
|
||||
echo "Waiting for Congress to start..."
|
||||
# FIXME(arosen): using curl right now to check if congress is alive once we implement version use check below.
|
||||
if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy $CONGRESS_HOST http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
|
||||
if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
|
||||
die $LINENO "Congress did not start"
|
||||
fi
|
||||
# if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$CONGRESS_HOST:$CONGRESS_PORT; do sleep 1; done"; then
|
||||
# die $LINENO "Congress did not start"
|
||||
# fi
|
||||
|
||||
# Expose encryption key to tempest test launched replica instances
|
||||
# WARNING: this setting deploys an insecure setup meant for gate-test only
|
||||
|
@ -236,8 +232,9 @@ function start_congress_service_and_check {
|
|||
# If needed in future, this script can read custom key location from
|
||||
# $CONGRESS_CONF and adjust accordingly
|
||||
if [ "$CONGRESS_EXPOSE_ENCRYPTION_KEY_FOR_TEST" == "True" ]; then
|
||||
if [ ! -f /etc/congress/keys/aes_key ]; then
|
||||
die $LINENO "Unexpected error where Congress responds before key files are created."
|
||||
# Datasource service starts later than api service, so wait until datasource service fully started.
|
||||
if ! timeout $SERVICE_TIMEOUT sh -c "while [ ! -f /etc/congress/keys/aes_key ]; do sleep 1; done"; then
|
||||
die $LINENO "Unexpected error in key file creation"
|
||||
fi
|
||||
chmod a+rx /etc/congress/keys
|
||||
chmod a+r /etc/congress/keys/aes_key
|
||||
|
|
Loading…
Reference in New Issue