REQ-403 gencert.service - generate pool cert first
Certificates for xapi's API clients and internal pool communication are
generated by gencert.service, which invokes gencert for this. The
certificate for the API clients requires the IP of the management
interface (obtained by gencert), which might not yet be available and
causes this to fail. The certificate for the pool communication does not
suffer from this dependency. So generate it first to have it available.
If the second call then fails, systemd will run it again. But
gencert is idempotent such that the already created certificate for pool
communication won't be overwritten.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
lindig committed Feb 18, 2022
1 parent 660d0a3 commit 54803df
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions scripts/gencert.service
Expand Up @@ -6,8 +6,8 @@ After=forkexecd.service
[Service]
User=root
Type=oneshot
ExecStart=/bin/sh -c '/opt/xensource/libexec/gencert /etc/xensource/xapi-ssl.pem default \
&& /opt/xensource/libexec/gencert /etc/xensource/xapi-pool-tls.pem xapi:pool'
ExecStart=/opt/xensource/libexec/gencert /etc/xensource/xapi-pool-tls.pem xapi:pool
ExecStart=/opt/xensource/libexec/gencert /etc/xensource/xapi-ssl.pem default
RemainAfterExit=yes

[Install]
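Review bot: Nothing in the visible [Service] section makes systemd retry when the second ExecStart= (the xapi-ssl.pem call) fails: with Type=oneshot the unit simply enters the failed state, and no Restart= line is shown in this hunk. If the retry the commit message relies on comes from elsewhere (another unit, or a later restart of this one), a comment in the unit saying so would help; otherwise consider adding Restart=on-failure with a RestartSec= delay, provided the systemd version in use allows it for oneshot units. A short comment above the two ExecStart= lines stating that the pool certificate is deliberately generated first would also keep the order from being rearranged later.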