Merge "Update CA certificate install command in migration playbook"

2024-04-18 13:43:34 +00:00 · 2024-04-18 13:43:34 +00:00 · 8ea2fa935f
parent f4e79031e6 021d102096
commit 8ea2fa935f
4 changed files with 8 additions and 8 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/persist-config/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/persist-config/tasks/main.yml
@ -466,11 +466,11 @@
  - name: Check for existing ssl_ca certificates
    shell: |
      source /etc/platform/openrc
-      system certificate-list | grep ssl_ca | awk '{ print $2 }'
+      system ca-certificate-list | awk '{ print $2 }' | awk 'NR>3 && NF'
    register: existing_ssl_ca_certificates_uuid

  - name: Delete existing ssl_ca certificates
-    shell: source /etc/platform/openrc; system certificate-uninstall -m ssl_ca {{ item }}
+    shell: source /etc/platform/openrc; system ca-certificate-uninstall {{ item }}
    with_items:
    - "{{ existing_ssl_ca_certificates_uuid.stdout_lines }}"
    when: existing_ssl_ca_certificates_uuid.stdout_lines | length > 0
@ -491,7 +491,7 @@
      state: absent

  - name: Add ssl_ca certificate
-    shell: source /etc/platform/openrc; system certificate-install -m ssl_ca {{ temp_ssl_ca }}
+    shell: source /etc/platform/openrc; system ca-certificate-install {{ temp_ssl_ca }}
    register: add_ssl_ca_certificate

  - name: Wait for certificate install
--- a/playbookconfig/src/playbooks/roles/common/recover-subcloud-certificates/tasks/validate-restapi-and-registry-certificates.yml
+++ b/playbookconfig/src/playbooks/roles/common/recover-subcloud-certificates/tasks/validate-restapi-and-registry-certificates.yml
@ -205,9 +205,9 @@
      {% elif registry_cert_expiration.rc != 0 %}
      Docker Registry certificate is expired.
      {% endif %}
-      Manual action required! On the subcloud, please update the expired certificates with
-      `system certificate-install` and then run 'dcmanager subcloud delete' and
-      'dcmanager subcloud add' again to restart the procedure.
+      Manual action required! On the subcloud, please update the expired certificates
+      and then run 'dcmanager subcloud delete' and 'dcmanager subcloud add' again to
+      restart the procedure.
  when: restapi_cert_expiration.rc is defined and
        restapi_cert_expiration.rc != 0 or
        registry_cert_expiration.rc != 0
--- a/playbookconfig/src/playbooks/roles/common/verify-and-install-system-local-ca-certs/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/common/verify-and-install-system-local-ca-certs/tasks/main.yml
@ -104,7 +104,7 @@
    - name: Install system_root_ca_cert certificate as a Trusted CA certificate
      shell: >-
        source /etc/platform/openrc &&
-        system certificate-install -m ssl_ca "{{ root_ca_file.path }}"
+        system ca-certificate-install "{{ root_ca_file.path }}"
      register: install_cert_output
      until: install_cert_output is not failed
      retries: 3
--- a/playbookconfig/src/playbooks/update_platform_certificates.yml
+++ b/playbookconfig/src/playbooks/update_platform_certificates.yml
@ -76,7 +76,7 @@

 # Ensures ICA is also installed in system controller
 # even when target_list contains only subclouds
-# Moved this tasks to be the very last because 'system certificate-install'
+# Moved this tasks to be the very last because 'system ca-certificate-install'
 # creates a temporary management affecting alarm. In order to avoid waiting
 # for it to clear, running it as a last step. No side effects of doing this.
 - hosts: localhost