From 04bc55c6e7af2ca8b36148c535157af9c0c0dfb0 Mon Sep 17 00:00:00 2001
From: Rich Megginson
Date: Tue, 16 Jan 2024 12:14:24 -0700
Subject: [PATCH] fix: add timeout for registrar service - use 30 second timeout for registrar and verifier Cause: The registrar service can fail, but the Ansible service reports success. Consequence: The user does not know that the registrar was mis-configured. Fix: Check the registrar ip and port to ensure they become available. Use a 30 second timeout for both the verifier and registrar as the default 300 seconds for the `wait_for` module is too long. Result: Users are notified in a timely manner if the services failed to start.
Signed-off-by: Rich Megginson
---
 tasks/main.yml | 7 +++++++
 vars/main.yml | 4 ++++
 2 files changed, 11 insertions(+)
diff --git a/tasks/main.yml b/tasks/main.yml
index 9345677..de1d74d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -36,9 +36,16 @@
 ansible.builtin.wait_for:
 host: "{{ keylime_server_verifier_ip }}"
 port: "{{ keylime_server_verifier_port }}"
+ timeout: "{{ __keylime_service_timeout }}"
 - name: Ensure the registrar is enabled and started
 service:
 name: "{{ __keylime_server_registrar_service }}"
 state: started
 enabled: true
+
+- name: Make sure the registrar is up and running
+ ansible.builtin.wait_for:
+ host: "{{ keylime_server_registrar_ip }}"
+ port: "{{ keylime_server_registrar_port }}"
+ timeout: "{{ __keylime_service_timeout }}"
diff --git a/vars/main.yml b/vars/main.yml
index e36d2da..fe82e78 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -40,3 +40,7 @@ __keylime_server_verifier_keys_certs_config: verifier-keys-certs.conf
 __keylime_server_registrar_ip_config: registrar-ip.conf
 __keylime_server_registrar_database_config: registrar-database.conf
 __keylime_server_registrar_keys_certs_config: registrar-keys-certs.conf
+
+# time, in seconds, to wait for the verifier and registrar
+# services to become available
+__keylime_service_timeout: 30
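Review bot: The added registrar check (and the verifier check above it, whose task starts outside the hunk) only proves that something accepts TCP connections on the configured address, so a registrar that binds its listener but is otherwise misconfigured, for example with unusable TLS material, would presumably still pass. Since these services gate attestation, I would state that limit in a comment above the task, e.g. `# Only confirms the port accepts connections; does not verify TLS or registrar health`. Adding `msg: "keylime registrar not reachable on {{ keylime_server_registrar_ip }}:{{ keylime_server_registrar_port }}"` would also make the failure after 30 seconds name the service instead of showing the module's generic timeout text.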
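Review bot: `__keylime_service_timeout` drops the `__keylime_server_` prefix used by the neighbouring internal variables in vars/main.yml (`__keylime_server_registrar_ip_config` and the others), which makes a name clash with another role's variables more likely. I would rename it to `__keylime_server_service_timeout: 30` here and in both `wait_for` tasks in tasks/main.yml. Because it lives in vars/main.yml, it also looks as if users cannot easily raise the limit on slow hosts, where a registrar that is merely slow to start would be reported as failed. If that is intended, say so in the comment, e.g. `# internal; not intended to be overridden by users`.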