diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-07 11:36:09 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-01-07 11:36:09 +0100 |
commit | 9162631f12ade65392ea2fa53642ea4af39627c7 (patch) | |
tree | 13e2db8e3dceaf84e524ada23d5bb29f17922f66 /data/templates/conntrackd/conntrackd.conf.j2 | |
parent | 410458c00e6202dd9a5c52b3c5ac00a90db5bc53 (diff) | |
download | vyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.tar.gz vyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.zip |
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
This fixes a priority inversion when doing initial certificate commits.
* pki subsystem is executed with priority 300
* vti uses priority 381
* ipsec uses priority 901
On commit pki.py will be executed first, detecting a change in dependencies
for vpn_ipsec.py which will be executed second. The VTI interface was yet not
created leading to ConfigError('VTI interface XX for site-to-site peer YY does
not exist!')
The issue is caused by this new line of code in commit b8db1a9d7ba ("pki:
T5886: add support for ACME protocol (LetsEncrypt)") file src/conf_mode/pki.py
line 139 which triggers the dependency update even if a key is newly added.
This commit changes the "detection" based on the cerbot configuration on disk.
Diffstat (limited to 'data/templates/conntrackd/conntrackd.conf.j2')
0 files changed, 0 insertions, 0 deletions