B&R: Fix ssl server-cert for standby controller

Copy server-cert.pem from backup archive to shared filesystem so that mate controller can find it and allow unlock to proceed. Change-Id: I96c7dd11797fcd3a463db1c6a266c2860c35c5ab Closes-Bug: 1850714 Signed-off-by: Ovidiu Poncea <ovidiu.poncea@windriver.com>
2019-11-06 21:57:24 +02:00 · 2019-11-06 21:57:24 +02:00 · 2f7062ffa9
parent 6c3c78f23b
commit 2f7062ffa9
2 changed files with 13 additions and 0 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/bringup_local_registry.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/bringup_local_registry.yml
@ -149,6 +149,18 @@
    args:
      warn: false

+  - name: Check if {{ server_cert_pem }} exists
+    stat: path="{{ server_cert_pem }}"
+    register: server_cert_pem_stat
+
+  - name: Copy {{ server_cert_pem }} to shared filesystem for mate
+    copy:
+      src: "{{ server_cert_pem }}"
+      dest: "{{ config_permdir }}"
+      remote_src: yes
+      mode: preserve
+    when: server_cert_pem_stat.stat.exists
+
  when: mode == 'restore'

 - name: Copy certificate and keys to shared filesystem for mate
--- a/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/vars/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/vars/main.yml
@ -21,6 +21,7 @@ cert_cnf_file: /etc/ssl/private/registry-cert-extfile.cnf
 registry_cert_key: /etc/ssl/private/registry-cert.key
 registry_cert_crt: /etc/ssl/private/registry-cert.crt
 registry_cert_pkcs1_key: /etc/ssl/private/registry-cert-pkcs1.key
+server_cert_pem: /etc/ssl/private/server-cert.pem
 docker_cert_dir: /etc/docker/certs.d
 cgroup_root: /sys/fs/cgroup
 k8s_cgroup_name: k8s-infra