Treat sealed OpenBao preflight as expected
This commit is contained in:
@@ -82,6 +82,8 @@ Expected immediately after install:
|
|||||||
- `bao status` reports `Initialized: false` and `Sealed: true`.
|
- `bao status` reports `Initialized: false` and `Sealed: true`.
|
||||||
|
|
||||||
That state is intentional until the bootstrap ceremony is completed.
|
That state is intentional until the bootstrap ceremony is completed.
|
||||||
|
`bao status` may return exit code `2` while sealed; this is expected for the
|
||||||
|
pre-init state and does not by itself indicate a deployment failure.
|
||||||
|
|
||||||
## Bootstrap Ceremony
|
## Bootstrap Ceremony
|
||||||
|
|
||||||
|
|||||||
@@ -75,8 +75,28 @@ run get pvc -n "$OPENBAO_NAMESPACE" >/dev/null
|
|||||||
ok "PVC query succeeded"
|
ok "PVC query succeeded"
|
||||||
|
|
||||||
step "OpenBao seal/init status"
|
step "OpenBao seal/init status"
|
||||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- bao status; then
|
status_output=""
|
||||||
|
status_code=0
|
||||||
|
if status_output="$(run exec -n "$OPENBAO_NAMESPACE" "$pod" -- bao status 2>&1)"; then
|
||||||
|
status_code=0
|
||||||
|
else
|
||||||
|
status_code=$?
|
||||||
|
fi
|
||||||
|
printf '%s\n' "$status_output"
|
||||||
|
|
||||||
|
status_initialized="$(printf '%s\n' "$status_output" | awk '$1 == "Initialized" {print $2; exit}')"
|
||||||
|
status_sealed="$(printf '%s\n' "$status_output" | awk '$1 == "Sealed" {print $2; exit}')"
|
||||||
|
|
||||||
|
if [ "$status_code" -eq 0 ]; then
|
||||||
ok "bao status command succeeded"
|
ok "bao status command succeeded"
|
||||||
|
elif [ "$status_code" -eq 2 ] && [ "$status_initialized" = "false" ] && [ "$status_sealed" = "true" ]; then
|
||||||
|
ok "OpenBao is reachable and waiting for first init/unseal ceremony"
|
||||||
|
elif [ "$status_code" -eq 2 ] && [ "$status_sealed" = "true" ]; then
|
||||||
|
if [ "$MODE" = "basic" ]; then
|
||||||
|
ok "OpenBao is reachable and sealed"
|
||||||
|
else
|
||||||
|
warn "OpenBao is still sealed; post-unseal verification is not complete"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
warn "bao status failed. Check pod logs and command availability."
|
warn "bao status failed. Check pod logs and command availability."
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user