Merge "rabbitmq: Remove default post-save command for certmonger"
This commit is contained in:
commit
7acd72e0f2
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
|
||||
|
||||
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
|
||||
|
||||
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
|
||||
|
||||
# Copy the new cert from the mount-point to the real path
|
||||
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
|
||||
|
||||
# Set appropriate permissions
|
||||
$container_cli exec "$container_name" chown rabbitmq:rabbitmq "$service_pem"
|
||||
|
||||
# Trigger a pem cache clear in RabbitMQ to read the new certificates
|
||||
$container_cli exec $container_name rabbitmqctl eval "ssl:clear_pem_cache()."
|
|
@ -33,7 +33,6 @@
|
|||
#
|
||||
# [*postsave_cmd*]
|
||||
# (Optional) Specifies the command to execute after requesting a certificate.
|
||||
# If nothing is given, it will default to: "systemctl restart ${service name}"
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*principal*]
|
||||
|
@ -51,7 +50,13 @@ class tripleo::certmonger::rabbitmq (
|
|||
include ::certmonger
|
||||
include ::rabbitmq::params
|
||||
|
||||
$postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::rabbitmq::params::service_name}")
|
||||
ensure_resource('file', '/usr/bin/certmonger-rabbitmq-refresh.sh', {
|
||||
source => 'puppet:///modules/tripleo/certmonger-rabbitmq-refresh.sh',
|
||||
mode => '0700',
|
||||
seltype => 'bin_t',
|
||||
notify => Service['certmonger']
|
||||
})
|
||||
|
||||
certmonger_certificate { 'rabbitmq' :
|
||||
ensure => 'present',
|
||||
certfile => $service_certificate,
|
||||
|
@ -59,7 +64,7 @@ class tripleo::certmonger::rabbitmq (
|
|||
hostname => $hostname,
|
||||
dnsname => $hostname,
|
||||
principal => $principal,
|
||||
postsave_cmd => $postsave_cmd_real,
|
||||
postsave_cmd => $postsave_cmd,
|
||||
ca => $certmonger_ca,
|
||||
wait => true,
|
||||
require => Class['::certmonger'],
|
||||
|
|
Loading…
Reference in New Issue