Add timeout for get_endpoint_certificate

This commit works around the lack of a proper timeout in the
ssl.get_server_certificate() call. A proper timeout is available in
Python 3.8+ (see https://bugs.python.org/issue31870).

We work around the lack of timeout by first attempting a basic socket
connection to the (host, port) with a short timeout (default: 10s). If
that is successful we can continue to fetch the server certificate;
otherwise we abandon the attempt.

Test Plan / Failure Path:

PASS: Verify proper timeout when subcloud is offline/shutdown
PASS: Verify proper behaviour when subcloud is available

Regression:
PASS: Verify feature logging

Story: 2008960
Task: 43545

Change-Id: If0f7c926e136fc776dbc74ed27b767af1af2cf80
Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
This commit is contained in:
Kyle MacLeod 2021-10-06 15:37:47 -04:00
parent 6df149790d
commit d4f8e43d64
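
The workaround the commit message describes, sketched as an added example (not code from this commit or the project): a TCP pre-check before ssl.get_server_certificate(), plus a variant that keeps the same timeout on the TLS handshake. The function names and the loopback listener are assumptions made for illustration.

```python
import socket
import ssl


def endpoint_reachable(host, port, timeout=10.0):
    """TCP pre-check: True only if (host, port) accepts a connection in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or connect timed out
        return False


def fetch_with_precheck(host, port, timeout=10.0):
    """Pre-check, then fetch. The fetch itself is still unbounded here."""
    if not endpoint_reachable(host, port, timeout):
        return None
    return ssl.get_server_certificate((host, port))


def fetch_bounded(host, port, timeout=10.0):
    """Variant: one socket, so the timeout also covers the TLS handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    # Retrieval only, no validation (as get_server_certificate without
    # ca_certs); the caller inspects the certificate, it does not trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
    except OSError:  # ssl.SSLError and handshake timeouts are OSError too
        return None


if __name__ == "__main__":
    # Constructed test endpoint: a loopback listener that accepts TCP
    # connections but never answers the TLS ClientHello.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]
    print("pre-check passes:", endpoint_reachable("127.0.0.1", port, 0.5))
    print("bounded fetch:", fetch_bounded("127.0.0.1", port, 0.5))  # None
    srv.close()
```

An endpoint that accepts the connection and then goes silent passes the pre-check, so only the single-socket variant returns within the timeout in that case.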

@ -87,6 +87,7 @@ class sysinv::certmon (
'certmon/network_max_retry': value => 5;
'certmon/audit_batch_size': value => 10;
'certmon/audit_greenpool_size': value => 4;
'certmon/certificate_timeout_secs': value => 10;
}
if $keystone_enabled {
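
Review bot: 'certmon/certificate_timeout_secs' is set to a literal 10 in this block, so a deployment cannot tune it without editing the manifest; consider exposing it as a parameter of class sysinv::certmon with 10 as the default. The option name also reads as a bound on the whole certificate fetch, while the commit message says it only limits the initial socket connection to (host, port) made before the certificate is fetched, so an endpoint that accepts the connection and then stalls is not covered. A comment next to the setting stating that scope, or a name that says it is a connect timeout, would document the limit.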