HA: inject public certificates without blocking container
Do not inject public certificates in pacemaker bundles by means
of "podman cp", as this pauses the container for a short amount
of time and can make pacemaker operation fail during that time
window and impact cluster for no reason.
Keep "podman cp" for non-HA containers, as the freeze is short
and doesn't seem to impact podman monitoring anyway.
The new certificate injection only works for podman 1.9+, lower
version won't overwrite the existing certificate.
(cherry-picked from 93e53b74293cb4478ea415255fee96e7fddda004)
(squashed with Ic6e4264c5ad46bd2589cc907c365af2d42fde63d)
(removed a part that should stay in puppet-tripleo before wallaby)
Reviewed: https:/ /review. opendev. org/c/openstack /tripleo- heat-templates/ +/783942 /opendev. org/openstack/ tripleo- heat-templates/ commit/ 63001263ad011d5 a1dcca42fc7c795 99fe6c78c8
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/victoria
commit 63001263ad011d5 a1dcca42fc7c795 99fe6c78c8
Author: Damien Ciabrini <email address hidden>
Date: Mon Mar 22 18:04:08 2021 +0100
HA: inject public certificates without blocking container
Do not inject public certificates in pacemaker bundles by means
of "podman cp", as this pauses the container for a short amount
of time and can make pacemaker operation fail during that time
window and impact cluster for no reason.
Keep "podman cp" for non-HA containers, as the freeze is short
and doesn't seem to impact podman monitoring anyway.
The new certificate injection only works for podman 1.9+, lower
version won't overwrite the existing certificate.
(cherry-picked from 93e53b74293cb44 78ea415255fee96 e7fddda004) d2589cc907c365a f2d42fde63d)
(squashed with Ic6e4264c5ad46b
(removed a part that should stay in puppet-tripleo before wallaby)
Closes-Bug: #1917868
Change-Id: Id7308f028f3371 6be5e3df6699c3f 2c12e33e344