commit ebf0a0bd8063f1529a858ec9da3dcf7c09111e19
Author: Ade Lee <email address hidden>
Date: Fri Oct 18 15:06:02 2019 -0400
Restart certmnonger after registering system with IPA
If certmonger is not restarted when the server is registered with
IPA, then it may define the IPA CA as unreachable. This results
in CA certs not being stored when cert requests are made with a -F
option. Eventually, certmonger refreshes itself, but this can
take up to 8 hours.
We see this sometimes when doing brownfield deploys. The ca cert
fails to be created for some requests, resulting in containers
being unable to load.
We fix this by simply restarting certmonger after enrollment, and
avoiding the whole confused state.
Closes-Bug: 1850647
Change-Id: Id968a2d5170af1485417e41318e0187d79cd4aae
(cherry picked from commit bf0bc85ef42bd8d8b3540b1388d64c60e43a8907)
Reviewed: https:/ /review. opendev. org/691887 /git.openstack. org/cgit/ openstack/ tripleo- heat-templates/ commit/ ?id=ebf0a0bd806 3f1529a858ec9da 3dcf7c09111e19
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit ebf0a0bd8063f15 29a858ec9da3dcf 7c09111e19
Author: Ade Lee <email address hidden>
Date: Fri Oct 18 15:06:02 2019 -0400
Restart certmnonger after registering system with IPA
If certmonger is not restarted when the server is registered with
IPA, then it may define the IPA CA as unreachable. This results
in CA certs not being stored when cert requests are made with a -F
option. Eventually, certmonger refreshes itself, but this can
take up to 8 hours.
We see this sometimes when doing brownfield deploys. The ca cert
fails to be created for some requests, resulting in containers
being unable to load.
We fix this by simply restarting certmonger after enrollment, and
avoiding the whole confused state.
Closes-Bug: 1850647 485417e41318e01 87d79cd4aae 8b3540b1388d64c 60e43a8907)
Change-Id: Id968a2d5170af1
(cherry picked from commit bf0bc85ef42bd8d