Fix system-local-ca ca.crt during upgrade
Included code to avoid repeating the system_local_ca_cert in case the ca.crt cannot be retrieved. Filling this field with a cert that it's not a RCA can cause problems when renewing certificates signed by 'system-local-ca' issuer, while having the field as an empty string doesn't pose a problem for renewal. Test plan: PASS: Bootstrap AIO-SX (fresh install). PASS: Bootstrap DC + SX subcloud (fresh install). PASS: Perform upgrade from stx 9.0 (AIO-SX). Story: 2009811 Task: 50018 Change-Id: I1757b5c0438aba9ca8a782b3f05c160cdabec134 Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
This commit is contained in:
parent
9c4a5ef225
commit
d76bdfa929
|
@ -3,7 +3,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
ca.crt: "{{ system_root_ca_cert | default(system_local_ca_cert) }}"
|
||||
ca.crt: "{{ system_root_ca_cert | default('', true) }}"
|
||||
tls.crt: "{{ system_local_ca_cert }}"
|
||||
tls.key: "{{ system_local_ca_key }}"
|
||||
kind: Secret
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
|
||||
- name: Set system-local-ca data
|
||||
set_fact:
|
||||
system_root_ca_cert: "{{ ca_cert_result.stdout | default(cert_result.stdout, true) }}"
|
||||
system_root_ca_cert: "{{ ca_cert_result.stdout | default('', true) }}"
|
||||
system_local_ca_cert: "{{ cert_result.stdout }}"
|
||||
system_local_ca_key: "{{ key_result.stdout }}"
|
||||
system_local_ca_data_obtained: true
|
||||
|
|
Loading…
Reference in New Issue