From 658dae49f25f7875180ace072e59e23e5db03ce9 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Wed, 16 Jan 2019 13:31:13 +0530
Subject: [PATCH 1/2] keystore: restart systemvm cloud.service only when old keystore exist

This ensures that the systemvm agent (cloud.service) is not restarted when old keystore does not exist. However, on subsequent reboots of systemvm this will try to restart cloud.service after importing X509 certificates.

Signed-off-by: Rohit Yadav
---
 scripts/util/keystore-cert-import | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/scripts/util/keystore-cert-import b/scripts/util/keystore-cert-import
index 96196d939021..6a2f1acb06b9 100755
--- a/scripts/util/keystore-cert-import
+++ b/scripts/util/keystore-cert-import
@@ -41,6 +41,12 @@ fi
 # Use a new keystore file
 NEW_KS_FILE="$KS_FILE.new"
 
+# Check/store old KS state
+OLD_KS_FILE_EXISTS=false
+if [ -f $KS_FILE ]; then
+ OLD_KS_FILE_EXISTS=true
+fi
+
 # Import certificate
 if [ ! -z "${CERT// }" ]; then
 echo "$CERT" > "$CERT_FILE"
@@ -98,11 +104,10 @@ if [ -f "$SYSTEM_FILE" ]; then
 chmod 755 /usr/local/share/ca-certificates/cloudstack
 chmod 644 /usr/local/share/ca-certificates/cloudstack/ca.crt
 update-ca-certificates > /dev/null 2>&1 || true
-fi
-
-# Restart cloud service if we're in systemvm
-if [ "$MODE" == "ssh" ] && [ -f $SYSTEM_FILE ]; then
- systemctl restart cloud > /dev/null 2>&1
+ # Restart cloud service if keystore was changed
+ if [ "$MODE" == "ssh" ] && $OLD_KS_FILE_EXISTS; then
+ systemctl restart cloud > /dev/null 2>&1
+ fi
 fi
 
 # Fix file permission
From 919bb3959b045e158d629015b76101785357fb49 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Wed, 16 Jan 2019 13:38:19 +0530
Subject: [PATCH 2/2] restart logic is not necessary, the agent will attempt reconnect when old ks/certs are invalid

Signed-off-by: Rohit Yadav
---
 scripts/util/keystore-cert-import | 10 ----------
 1 file changed, 10 deletions(-)
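Review bot: `if [ -f $KS_FILE ]; then` in the first hunk of PATCH 1/2 leaves the expansion unquoted, so an empty or unset `$KS_FILE` collapses the test to `[ -f ]`, which is true, and a path containing whitespace makes the test error out. Either way OLD_KS_FILE_EXISTS stops reflecting whether a keystore was present, and that flag gates the service restart added in the second hunk. Quote it the way the context line above quotes the same variable: `if [ -f "$KS_FILE" ]; then`. PATCH 2/2 removes this block again, so the point matters only where 1/2 is applied on its own.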
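Review bot: The restart guard in the second hunk of PATCH 1/2 runs `$OLD_KS_FILE_EXISTS` as a command, which is correct only while the variable holds exactly `true` or `false`; a string test, `if [ "$MODE" == "ssh" ] && [ "$OLD_KS_FILE_EXISTS" = true ]; then`, expresses the same condition without executing variable contents. The restart line still discards all output and its exit status is not checked, so a failed `systemctl restart cloud` would presumably leave the agent on the previous keystore with nothing recorded; a one-line message to stderr on failure would make that visible. The enclosing `if [ -f "$SYSTEM_FILE" ]` block starts outside the hunk.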
diff --git a/scripts/util/keystore-cert-import b/scripts/util/keystore-cert-import
index 6a2f1acb06b9..424ab4a718e5 100755
--- a/scripts/util/keystore-cert-import
+++ b/scripts/util/keystore-cert-import
@@ -41,12 +41,6 @@ fi
 # Use a new keystore file
 NEW_KS_FILE="$KS_FILE.new"
 
-# Check/store old KS state
-OLD_KS_FILE_EXISTS=false
-if [ -f $KS_FILE ]; then
- OLD_KS_FILE_EXISTS=true
-fi
-
 # Import certificate
 if [ ! -z "${CERT// }" ]; then
 echo "$CERT" > "$CERT_FILE"
@@ -104,10 +98,6 @@ if [ -f "$SYSTEM_FILE" ]; then
 chmod 755 /usr/local/share/ca-certificates/cloudstack
 chmod 644 /usr/local/share/ca-certificates/cloudstack/ca.crt
 update-ca-certificates > /dev/null 2>&1 || true
- # Restart cloud service if keystore was changed
- if [ "$MODE" == "ssh" ] && $OLD_KS_FILE_EXISTS; then
- systemctl restart cloud > /dev/null 2>&1
- fi
 fi
 
 # Fix file permission