redis: Remove default post-save command for certmonger
The default command didn't work, so we need to fix that.
The script additionally copies the certificates in the right place
and instead of restarting stunnel, triggers a configuration reload.
Related-Bug: #1811401
Needed-By: I49811a6cab5416d965ce1da93a71728ad5b1d27c
Change-Id: I437d69fef45d1662e8908c5ca0f7063be6cb9b32
(cherry picked from commit 4deea3a46b
)
This commit is contained in:
parent
219c0f483c
commit
763467d7ac
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
|
||||
|
||||
container_name=$($container_cli ps --format="{{.Names}}" | grep redis_tls_proxy)
|
||||
|
||||
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::redis::service_certificate)"
|
||||
|
||||
# Copy the new cert from the mount-point to the real path
|
||||
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
|
||||
|
||||
# Trigger a reload for stunnel to read the new certificates
|
||||
pkill -o -HUP stunnel
|
|
@ -33,7 +33,6 @@
|
|||
#
|
||||
# [*postsave_cmd*]
|
||||
# (Optional) Specifies the command to execute after requesting a certificate.
|
||||
# If nothing is given, it will default to: "systemctl restart ${service name}"
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*principal*]
|
||||
|
@ -50,6 +49,13 @@ class tripleo::certmonger::redis (
|
|||
) {
|
||||
include ::certmonger
|
||||
|
||||
ensure_resource('file', '/usr/bin/certmonger-redis-refresh.sh', {
|
||||
source => 'puppet:///modules/tripleo/certmonger-redis-refresh.sh',
|
||||
mode => '0700',
|
||||
seltype => 'bin_t',
|
||||
notify => Service['certmonger']
|
||||
})
|
||||
|
||||
certmonger_certificate { 'redis' :
|
||||
ensure => 'present',
|
||||
certfile => $service_certificate,
|
||||
|
|
Loading…
Reference in New Issue