generated from coulomb/repo-seed
fix(creds-bootstrap): harden agent bootstrap for non-interactive execution
- creds-bootstrap-agent.sh: skip Phase 3 if all secrets already applied (avoids CNPG SSL connection drops from repeated reconciliation) - creds-bootstrap-agent.sh: wait for rollout to complete after restart before running enckey/admin bootstrap (fixes race with old pod) - creds-bootstrap-agent.sh: only restart privacyIDEA when Phase 3 ran - create-pi-token.sh: use env-var + retry for token fetch (no heredoc stdin; handles transient 500 from idle connection pool) - create-pi-token.sh: create keycape-pi-token K8s Secret after fetching - creds-verify.sh: map keycape-pi-token to secrets_applied.keycape (not pi_admin_created, which caused spurious Phase 5 re-runs) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -92,7 +92,7 @@ check "enckey (privacyidea-enckey)" \
|
||||
|
||||
check "pi-admin token (keycape-pi-token)" \
|
||||
sso keycape-pi-token \
|
||||
update_state_top pi_admin_created
|
||||
update_state_nested keycape
|
||||
|
||||
echo ""
|
||||
echo "Results: $pass present, $fail missing"
|
||||
|
||||
Reference in New Issue
Block a user