HA: inject public certificates without blocking container
Do not inject public certificates in pacemaker bundles by means
of "podman cp", as this pauses the container for a short amount
of time and can make pacemaker operation fail during that time
window and impact cluster for no reason.
Keep "podman cp" for non-HA containers, as the freeze is short
and doesn't seem to impact podman monitoring anyway.
The new certificate injection only works for podman 1.9+, lower
version won't overwrite the existing certificate.
(cherry-picked from 93e53b74293cb4478ea415255fee96e7fddda004)
(squashed with Ic6e4264c5ad46bd2589cc907c365af2d42fde63d)
(removed a part that should stay in puppet-tripleo before wallaby)
Closes-Bug: #1917868
Change-Id: Id7308f028f33716be5e3df6699c3f2c12e33e344
(cherry picked from commit 63001263ad011d5a1dcca42fc7c79599fe6c78c8)
Reviewed: https:/ /review. opendev. org/c/openstack /tripleo- heat-templates/ +/790174 /opendev. org/openstack/ tripleo- heat-templates/ commit/ f43f11f7dcbaa07 7b1b1934473c914 3f0e89f90d
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/ussuri
commit f43f11f7dcbaa07 7b1b1934473c914 3f0e89f90d
Author: Damien Ciabrini <email address hidden>
Date: Mon Mar 22 18:04:08 2021 +0100
HA: inject public certificates without blocking container
Do not inject public certificates in pacemaker bundles by means
of "podman cp", as this pauses the container for a short amount
of time and can make pacemaker operation fail during that time
window and impact cluster for no reason.
Keep "podman cp" for non-HA containers, as the freeze is short
and doesn't seem to impact podman monitoring anyway.
The new certificate injection only works for podman 1.9+, lower
version won't overwrite the existing certificate.
(cherry-picked from 93e53b74293cb44 78ea415255fee96 e7fddda004) d2589cc907c365a f2d42fde63d)
(squashed with Ic6e4264c5ad46b
(removed a part that should stay in puppet-tripleo before wallaby)
Closes-Bug: #1917868
Change-Id: Id7308f028f3371 6be5e3df6699c3f 2c12e33e344 a1dcca42fc7c795 99fe6c78c8)
(cherry picked from commit 63001263ad011d5