
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()

This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()

This fixes a priority inversion when doing initial certificate commits.

  • pki subsystem is executed with priority 300
  • vti uses priority 381
  • ipsec uses priority 901

On commit, pki.py will be executed first, detecting a change in dependencies
for vpn_ipsec.py, which will be executed second. The VTI interface was not yet
created, leading to ConfigError('VTI interface XX for site-to-site peer YY does
not exist!')

The issue is caused by this new line of code in commit b8db1a9d7ba ("pki:
T5886: add support for ACME protocol (LetsEncrypt)") file src/conf_mode/pki.py
line 139 which triggers the dependency update even if a key is newly added.

This commit changes the "detection" based on the certbot configuration on disk.

(cherry picked from commit 9162631f12ade65392ea2fa53642ea4af39627c7)

Details

Provenance
c-po authored on Jan 7 2024, 10:36 AM
Parents
rVYOSONEX1b85e7a9442a: https: T5886: migrate https certbot to new "pki certificate" CLI tree