From d340a1de50b55a73f0e3a4d398ee735b0ccc128b Mon Sep 17 00:00:00 2001 From: "wu.chunyang" Date: Wed, 17 Nov 2021 22:43:42 +0800 Subject: [PATCH] Fix update listener certs doesn't work This change fixes listener update sni-container-refs doesn't work by adding O_TRUNC flag to upload_certificate method Change-Id: I59664615e1ef5e46a99c12256dbe02f89ecf4c0b --- octavia/amphorae/backends/agent/api_server/loadbalancer.py | 2 +- .../fix-listener-update-certs-failed-315c66f4806e76c8.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-listener-update-certs-failed-315c66f4806e76c8.yaml diff --git a/octavia/amphorae/backends/agent/api_server/loadbalancer.py b/octavia/amphorae/backends/agent/api_server/loadbalancer.py index 57940115e9..ddfc159dff 100644 --- a/octavia/amphorae/backends/agent/api_server/loadbalancer.py +++ b/octavia/amphorae/backends/agent/api_server/loadbalancer.py @@ -387,7 +387,7 @@ class Loadbalancer(object): stream = Wrapped(flask.request.stream) file = self._cert_file_path(lb_id, filename) - flags = os.O_WRONLY | os.O_CREAT + flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC # mode 00600 mode = stat.S_IRUSR | stat.S_IWUSR with os.fdopen(os.open(file, flags, mode), 'wb') as crt_file: diff --git a/releasenotes/notes/fix-listener-update-certs-failed-315c66f4806e76c8.yaml b/releasenotes/notes/fix-listener-update-certs-failed-315c66f4806e76c8.yaml new file mode 100644 index 0000000000..e87ea73883 --- /dev/null +++ b/releasenotes/notes/fix-listener-update-certs-failed-315c66f4806e76c8.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fix update listener certs failed. The fix ensures + that an existing certificate gets overwritten properly.