Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / salt / eb45892b342d36268bd0c8f6a6ead7833f654061^! / .
commiteb45892b342d36268bd0c8f6a6ead7833f654061[log] [tgz]
authorMartin Polreich <polreichmartin@gmail.com>Thu Aug 09 10:43:06 2018 +0200
committerMartin Polreich <polreichmartin@gmail.com>Mon Aug 13 15:35:44 2018 +0200
tree952f634ba6bcf8a1c66d4394eb4a133fa2e31243
parent44efe1736fde514e78aead9da5362901f965b6c4 [diff]
Add retry for x509.certificate_managed state

Fixes: PROD-21792 (PROD:21792)

Change-Id: Iff22ba927c74a9cb3bd8726253106ebdbb20fe32

diff --git a/salt/minion/ca.sls b/salt/minion/ca.sls
index fdad603..ae2678a 100644
--- a/salt/minion/ca.sls
+++ b/salt/minion/ca.sls

@@ -46,32 +46,38 @@
 
 {{ ca_file }}:
   x509.certificate_managed:
-  - signing_private_key: {{ ca_key_file }}
-  - CN: "{{ ca.common_name }}"
-  {%- if ca.country is defined %}
-  - C: {{ ca.country }}
-  {%- endif %}
-  {%- if ca.state is defined %}
-  - ST: {{ ca.state }}
-  {%- endif %}
-  {%- if ca.locality is defined %}
-  - L: {{ ca.locality }}
-  {%- endif %}
-  {%- if ca.organization is defined %}
-  - O: {{ ca.organization }}
-  {%- endif %}
-  {%- if ca.organization_unit is defined %}
-  - OU: {{ ca.organization_unit }}
-  {%- endif %}
-  - basicConstraints: "critical,CA:TRUE"
-  - keyUsage: {{ ca_key_usage }}
-  - subjectKeyIdentifier: hash
-  - authorityKeyIdentifier: keyid,issuer:always
-  - days_valid: {{ ca.days_valid.authority }}
-  - days_remaining: 0
-  - backup: True
-  - require:
-    - x509: {{ ca_key_file }}
+    - signing_private_key: {{ ca_key_file }}
+    - CN: "{{ ca.common_name }}"
+    {%- if ca.country is defined %}
+    - C: {{ ca.country }}
+    {%- endif %}
+    {%- if ca.state is defined %}
+    - ST: {{ ca.state }}
+    {%- endif %}
+    {%- if ca.locality is defined %}
+    - L: {{ ca.locality }}
+    {%- endif %}
+    {%- if ca.organization is defined %}
+    - O: {{ ca.organization }}
+    {%- endif %}
+    {%- if ca.organization_unit is defined %}
+    - OU: {{ ca.organization_unit }}
+    {%- endif %}
+    - basicConstraints: "critical,CA:TRUE"
+    - keyUsage: {{ ca_key_usage }}
+    - subjectKeyIdentifier: hash
+    - authorityKeyIdentifier: keyid,issuer:always
+    - days_valid: {{ ca.days_valid.authority }}
+    - days_remaining: 0
+    - backup: True
+    - require:
+      - x509: {{ ca_key_file }}
+    {%- if grains['saltversioninfo'][0] >= 2017 %}
+    - retry:
+        attepmts: 5
+        until: True
+        interval: 60
+    {%- endif %}
 
 # TODO: Squash this with the previous state after switch to Salt version >= 2016.11.2
 {{ ca_name }}_cert_permissions:

diff --git a/salt/minion/cert.sls b/salt/minion/cert.sls
index 720a695..293ead5 100644
--- a/salt/minion/cert.sls
+++ b/salt/minion/cert.sls

@@ -91,6 +91,12 @@
     - watch_in:
       - cmd: salt_minion_cert_{{ cert_name }}_all
     {%- endif %}
+    {%- if grains['saltversioninfo'][0] >= 2017 %}
+    - retry:
+        attepmts: 5
+        until: True
+        interval: 60
+    {%- endif %}
 
 # TODO: Squash this with the previous state after switch to Salt version >= 2016.11.2
 {{ cert_file }}_cert_permissions: