Merge "redis: Remove default post-save command for certmonger"

files/certmonger-redis-refresh.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+
+container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
+
+container_name=$($container_cli ps --format="{{.Names}}" | grep redis_tls_proxy)
+
+service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::redis::service_certificate)"
+
+# Copy the new cert from the mount-point to the real path
+$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
+
+# Trigger a reload for stunnel to read the new certificates
+pkill -o -HUP stunnel

manifests/certmonger/redis.pp

@@ -33,7 +33,6 @@
 #
 # [*postsave_cmd*]
 #   (Optional) Specifies the command to execute after requesting a certificate.
-#   If nothing is given, it will default to: "systemctl restart ${service name}"
 #   Defaults to undef.
 #
 # [*principal*]
@@ -50,6 +49,13 @@ class tripleo::certmonger::redis (
 ) {
   include ::certmonger
 
+  ensure_resource('file', '/usr/bin/certmonger-redis-refresh.sh', {
+    source  => 'puppet:///modules/tripleo/certmonger-redis-refresh.sh',
+    mode    => '0700',
+    seltype => 'bin_t',
+    notify  => Service['certmonger']
+  })
+
   certmonger_certificate { 'redis' :
     ensure       => 'present',
     certfile     => $service_certificate,