Run fix_certs script automatically

Workaround for openshift-metal3#260. Because life is too short for broken certs. Signed-off-by: Zane Bitter <zbitter@redhat.com>
zaneb · Apr 9, 2019 · 98ba9fb · 98ba9fb
1 parent b09aaf2
commit 98ba9fb
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/06_create_cluster.sh b/06_create_cluster.sh
@@ -46,6 +46,10 @@ fi
 # Call kni-installer to deploy the bootstrap node and masters
 create_cluster ocp
 
+# Run the fix_certs.sh script periodically as a workaround for
+# https://github.com/openshift-metalkube/dev-scripts/issues/260
+sudo systemd-run --on-active=30s --on-unit-active=30m --unit=fix_certs.service $(dirname $0)/fix_certs.sh
+
 # Update kube-system ep/host-etcd used by cluster-kube-apiserver-operator to
 # generate storageConfig.urls
 patch_ep_host_etcd "$CLUSTER_DOMAIN"

diff --git a/fix_certs.sh b/fix_certs.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 
-# https://github.com/openshift-metalkube/dev-scripts/issues/141#issuecomment-474331659
+# https://github.com/openshift-metalkube/dev-scripts/issues/260
 
 export KUBECONFIG=$(dirname $0)/ocp/auth/kubeconfig
-oc get csr -o name | xargs -n 1 oc adm certificate approve
+for cert in $(oc get csr -o name); do
+    oc adm certificate approve "${cert}"
+done
diff --git a/ocp_cleanup.sh b/ocp_cleanup.sh
@@ -5,6 +5,8 @@ source logging.sh
 source common.sh
 source ocp_install_env.sh
 
+sudo systemctl stop fix_certs.timer
+
 if [ -d ocp ]; then
     $GOPATH/src/github.com/openshift-metalkube/kni-installer/bin/kni-install --dir ocp --log-level=debug destroy bootstrap
     $GOPATH/src/github.com/openshift-metalkube/kni-installer/bin/kni-install --dir ocp --log-level=debug destroy cluster