Update CA certificate install command in migration playbook
Added the new CA certificate install commands to the playbook. Test cases: PASS: Bootstrap the system with the changes and verify that the system is installed successfully. PASS: Run update_platform_certificates and verify that it is successful. PASS: Bootstrap systemcontroller and verify that the system is installed successfully; bootstrap a subcloud from systemcontroller and verify that the subcloud is installed correctly. Story: 2010848 Task: 48473 Change-Id: I4151e1be84e2cc9d65f5740a9280408a202c1765 Signed-off-by: amantri <ayyappa.mantri@windriver.com> Depends-on: https://review.opendev.org/c/starlingx/config/+/893799
parent
16536b552b
commit
021d102096
|
@ -466,11 +466,11 @@
|
|||
- name: Check for existing ssl_ca certificates
|
||||
shell: |
|
||||
source /etc/platform/openrc
|
||||
system certificate-list | grep ssl_ca | awk '{ print $2 }'
|
||||
system ca-certificate-list | awk '{ print $2 }' | awk 'NR>3 && NF'
|
||||
register: existing_ssl_ca_certificates_uuid
|
||||
|
||||
- name: Delete existing ssl_ca certificates
|
||||
shell: source /etc/platform/openrc; system certificate-uninstall -m ssl_ca {{ item }}
|
||||
shell: source /etc/platform/openrc; system ca-certificate-uninstall {{ item }}
|
||||
with_items:
|
||||
- "{{ existing_ssl_ca_certificates_uuid.stdout_lines }}"
|
||||
when: existing_ssl_ca_certificates_uuid.stdout_lines | length > 0
|
||||
|
@ -491,7 +491,7 @@
|
|||
state: absent
|
||||
|
||||
- name: Add ssl_ca certificate
|
||||
shell: source /etc/platform/openrc; system certificate-install -m ssl_ca {{ temp_ssl_ca }}
|
||||
shell: source /etc/platform/openrc; system ca-certificate-install {{ temp_ssl_ca }}
|
||||
register: add_ssl_ca_certificate
|
||||
|
||||
- name: Wait for certificate install
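Review bot: A failed `system ca-certificate-list` in the "Check for existing ssl_ca certificates" task is indistinguishable from an empty list, because the task's exit status is that of the last `awk`. The `when: ... | length > 0` guard then skips the delete, so the old CA certificates stay in the trust store while the new one is added. The `NR>3` filter also assumes exactly three lines precede the first row, so any extra line of output would shift the rows and could pass a non-UUID value to `ca-certificate-uninstall`. Consider failing on a CLI error (for example `set -o pipefail` as the first line of the block, if the task runs under bash) and selecting rows by shape rather than position, e.g. `awk '$2 ~ /^[0-9a-f-]+$/ { print $2 }'`.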
|
||||
|
|
|
@ -205,9 +205,9 @@
|
|||
{% elif registry_cert_expiration.rc != 0 %}
|
||||
Docker Registry certificate is expired.
|
||||
{% endif %}
|
||||
Manual action required! On the subcloud, please update the expired certificates with
|
||||
`system certificate-install` and then run 'dcmanager subcloud delete' and
|
||||
'dcmanager subcloud add' again to restart the procedure.
|
||||
Manual action required! On the subcloud, please update the expired certificates
|
||||
and then run 'dcmanager subcloud delete' and 'dcmanager subcloud add' again to
|
||||
restart the procedure.
|
||||
when: restapi_cert_expiration.rc is defined and
|
||||
restapi_cert_expiration.rc != 0 or
|
||||
registry_cert_expiration.rc != 0
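Review bot: The reworded message no longer tells the operator how to update the expired certificates: the old text named `system certificate-install`, the new text names no command or procedure. Consider pointing to the supported one, e.g. `please update the expired certificates (see <certificate update procedure reference>) and then run ...`, with the placeholder replaced by the project's actual reference. Separately, the `when:` below the message mixes `and` and `or` without parentheses, so `registry_cert_expiration.rc != 0` is evaluated even when the `is defined` guard fails. If that is unintended, consider `(restapi_cert_expiration.rc is defined and restapi_cert_expiration.rc != 0) or (registry_cert_expiration.rc is defined and registry_cert_expiration.rc != 0)`. The task starts outside the hunk.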
|
||||
|
|
|
@ -104,7 +104,7 @@
|
|||
- name: Install system_root_ca_cert certificate as a Trusted CA certificate
|
||||
shell: >-
|
||||
source /etc/platform/openrc &&
|
||||
system certificate-install -m ssl_ca "{{ root_ca_file.path }}"
|
||||
system ca-certificate-install "{{ root_ca_file.path }}"
|
||||
register: install_cert_output
|
||||
until: install_cert_output is not failed
|
||||
retries: 3
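Review bot: `"{{ root_ca_file.path }}"` is only double-quoted, so the shell still expands `$` and backticks inside the rendered value; Ansible's `quote` filter is the safer form, `system ca-certificate-install {{ root_ca_file.path | quote }}`. The same applies with more weight to the migration-playbook tasks in this commit, which interpolate `{{ temp_ssl_ca }}` and `{{ item }}` into the shell line with no quoting at all. The values appear to come from local tasks rather than user input, so this is hardening and consistency rather than a known injection path. The task continues outside the hunk.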
|
||||
|
|
|
@ -76,7 +76,7 @@
|
|||
|
||||
# Ensures ICA is also installed in system controller
|
||||
# even when target_list contains only subclouds
|
||||
# Moved this tasks to be the very last because 'system certificate-install'
|
||||
# Moved this tasks to be the very last because 'system ca-certificate-install'
|
||||
# creates a temporary management affecting alarm. In order to avoid waiting
|
||||
# for it to clear, running it as a last step. No side effects of doing this.
|
||||
- hosts: localhost
|
||||
|
|