From 8e3eac8ff752e35b04dae9ca104eca7d9409257a Mon Sep 17 00:00:00 2001
From: Martin Schuppert <mschuppert@redhat.com>
Date: Fri, 30 Oct 2020 10:29:18 +0100
Subject: [PATCH] Make sure qemu CA has correct permissions

Make sure the qemu ca has correct permissiones 0644 to be bind
mountend into the libvirt container.

Related-Bug: #1900986
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1888951

Change-Id: I9538b7e579d4921b14f6ef5eec0300e7e50628d4
(cherry picked from commit e3a3d3daf4f3a2d4b818129e93e0913346e295ea)
---
 manifests/certmonger/qemu.pp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/manifests/certmonger/qemu.pp b/manifests/certmonger/qemu.pp
index cde023eb0..28032d72c 100644
--- a/manifests/certmonger/qemu.pp
+++ b/manifests/certmonger/qemu.pp
@@ -70,6 +70,26 @@ define tripleo::certmonger::qemu (
     require      => Class['::certmonger'],
   }
 
+  if $cacertfile {
+    # Sometimes certmonger returns before creating the cacert file. This has
+    # been reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1759281
+    # Until this is fixed, add this workaround.
+    exec { $cacertfile :
+      require   => Certmonger_certificate[$name],
+      command   => "test -f ${cacertfile}",
+      unless    => "test -f ${cacertfile}",
+      tries     => 60,
+      try_sleep => 1,
+      timeout   => 60,
+      path      => '/usr/bin:/bin',
+    }
+
+    file { $cacertfile :
+      require => Exec[$cacertfile],
+      mode    => '0644'
+    }
+  }
+
   file { $service_certificate :
     require => Certmonger_certificate[$name],
     mode    => '0644'