This is an automated email from the ASF dual-hosted git repository.
ocket8888 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 56d5fb8 CIAB: add sanity checks around x509 file existence (#3772)
56d5fb8 is described below
commit 56d5fb869be7fc782eea3567fdb6c973ce6ac169
Author: Rawlin Peters <[email protected]>
AuthorDate: Tue Aug 6 05:01:49 2019 -0600
CIAB: add sanity checks around x509 file existence (#3772)
There is a race condition around the readability/existence of generated
certs and attempting to add them into TO. This adds some sanity checks
around the existence of delivery service x509 env vars and file
existence and sets the X509_GENERATION_COMPLETE env var only after all
the delivery service sslkeys have been generated.
Fixes #3769
---
infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh | 1 -
infrastructure/cdn-in-a-box/traffic_ops/run-go.sh | 6 ++++++
infrastructure/cdn-in-a-box/traffic_ops/run.sh | 1 +
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh
b/infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh
index e879f0e..08eaba3 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/generate-certs.sh
@@ -404,7 +404,6 @@ x509v3_create_cert()
echo "X509_${env_name}_CERT_FILE=\"$cert_file\"" >> "$X509_CA_ENV_FILE"
echo "X509_${env_name}_KEY_FILE=\"$key_file\"" >> "$X509_CA_ENV_FILE"
echo "X509_${env_name}_REQUEST_FILE=\"$request_file\"" >> "$X509_CA_ENV_FILE"
- echo "X509_GENERATION_COMPLETE=\"YES\"" >> "$X509_CA_ENV_FILE"
}
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
index 6a542c7..fffe774 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
@@ -87,6 +87,12 @@ while true; do
done
### Add SSL keys for demo1 delivery service
+until [[ -s "$X509_DEMO1_CERT_FILE" && -s "$X509_DEMO1_REQUEST_FILE" && -s
"$X509_DEMO1_KEY_FILE" ]]
+do
+ echo "Waiting on X509_DEMO1 files to exist"
+ sleep 3
+ source "$X509_CA_ENV_FILE"
+done
to-add-sslkeys $CDN_NAME $ds_name "*.demo1.mycdn.ciab.test"
$X509_DEMO1_CERT_FILE $X509_DEMO1_REQUEST_FILE $X509_DEMO1_KEY_FILE
### Automatic Queue/Snapshot ###
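Review bot: The new `until` loop treats `-s` (exists and is non-empty) as proof that the cert, request and key are ready, but a file that is still being written already passes that test, so `to-add-sslkeys` could be handed a truncated key or certificate. Since this commit makes `X509_GENERATION_COMPLETE` mean that every delivery-service cert has been written, the loop could also require `[[ "$X509_GENERATION_COMPLETE" == "YES" ]]` before proceeding. The preceding `while true` loop starts outside the hunk and may already gate on that variable, in which case a one-line comment saying so would be enough. The loop also has no retry limit, so a failed generation leaves the container printing the wait message indefinitely; a bounded retry count with a non-zero exit would surface the failure.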
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/run.sh
b/infrastructure/cdn-in-a-box/traffic_ops/run.sh
index bea6c0d..1dbb577 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/run.sh
@@ -70,6 +70,7 @@ elif x509v3_init; then
do
x509v3_create_cert "$ds" "$ds.$CDN_FQDN"
done
+ echo "X509_GENERATION_COMPLETE=\"YES\"" >> "$X509_CA_ENV_FILE"
x509v3_dump_env
# Save newly generated certs for future restarts.
rsync -av "$X509_CA_DIR/" "$X509_CA_PERSIST_DIR/"
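Review bot: The completion marker written by the added `echo` line is appended whether or not each `x509v3_create_cert` call in the loop above succeeded; no status check is visible in this hunk. Unless run.sh runs under `set -e` (not visible here), a failed generation would still publish `X509_GENERATION_COMPLETE="YES"`, and consumers would be stopped only by their own file checks. Consider `x509v3_create_cert "$ds" "$ds.$CDN_FQDN" || exit 1` so the marker is written only after every cert has been created. The `for` loop header and the enclosing `elif` branch are outside the hunk.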