From d0ec8e6bfff770c049486dd33b71dbf74508c721 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Fri, 10 May 2024 14:59:31 +0200
Subject: [PATCH] cert-rotation: CSR approval fixes

* print when CSR approval is completed. This helps correlate between
  kubelet logs and csr approval start/end period
* extend time we want for new certs. With leader election
  it takes ~7 minutes for new certs to be generated and distributed,
  so that kubelet could create CSRs after we finish approval.

  This extends timeout we wait for bootstrap certs to be approved from
  30*10/60 = 5 minutes to 40*15/60 = 10 minutes
---
 ...hift-e2e-cert-rotation-prepare-for-shutdown-commands.sh | 7 ++++---
 .../suspend/openshift-e2e-cert-rotation-suspend-ref.yaml   | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/ci-operator/step-registry/openshift/e2e/cert-rotation/prepare-for-shutdown/openshift-e2e-cert-rotation-prepare-for-shutdown-commands.sh b/ci-operator/step-registry/openshift/e2e/cert-rotation/prepare-for-shutdown/openshift-e2e-cert-rotation-prepare-for-shutdown-commands.sh
index b6dc38b4bbf5..fe04bc1d188d 100644
--- a/ci-operator/step-registry/openshift/e2e/cert-rotation/prepare-for-shutdown/openshift-e2e-cert-rotation-prepare-for-shutdown-commands.sh
+++ b/ci-operator/step-registry/openshift/e2e/cert-rotation/prepare-for-shutdown/openshift-e2e-cert-rotation-prepare-for-shutdown-commands.sh
@@ -57,7 +57,7 @@ cat << 'EOZ' > /tmp/approve-csrs-with-timeout.sh
     (( required_csrs=${#control_nodes[@]} + ${#compute_nodes[@]} ))
     approved_csrs=0
     attempts=0
-    max_attempts=30
+    max_attempts=40
     while (( required_csrs >= approved_csrs )); do
       echo -n '.'
       mapfile -d ' ' -t csrs < <(oc get csr --field-selector=spec.signerName=${field} --no-headers | grep Pending | cut -f1 -d" ")
@@ -70,10 +70,11 @@ cat << 'EOZ' > /tmp/approve-csrs-with-timeout.sh
       if (( attempts > max_attempts )); then
         break
       fi
-      sleep 10s
+      sleep 15s
     done
+    echo ""
   done
-  echo "Done"
+  echo "Finished CSR approval at $(date)"
 EOZ
 chmod a+x /tmp/approve-csrs-with-timeout.sh
 timeout ${COMMAND_TIMEOUT} ${SCP} /tmp/approve-csrs-with-timeout.sh "core@${control_nodes[0]}:/tmp/approve-csrs-with-timeout.sh"
diff --git a/ci-operator/step-registry/openshift/e2e/cert-rotation/suspend/openshift-e2e-cert-rotation-suspend-ref.yaml b/ci-operator/step-registry/openshift/e2e/cert-rotation/suspend/openshift-e2e-cert-rotation-suspend-ref.yaml
index 10acbede7fc6..a26c7a2883ac 100644
--- a/ci-operator/step-registry/openshift/e2e/cert-rotation/suspend/openshift-e2e-cert-rotation-suspend-ref.yaml
+++ b/ci-operator/step-registry/openshift/e2e/cert-rotation/suspend/openshift-e2e-cert-rotation-suspend-ref.yaml
@@ -1,6 +1,7 @@
 ref:
   as: openshift-e2e-cert-rotation-suspend
   from: baremetal-installer
+  timeout: 1h30m00s
   grace_period: 10m
   commands: openshift-e2e-cert-rotation-suspend-commands.sh
   resources: