TLS everywhere: Set post-save command for redis

The default command wasn't working; here we set one that will actually work.

The script additionally copies the certificates in the right place
and instead of restarting stunnel, triggers a configuration reload.

Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I437d69fef45d1662e8908c5ca0f7063be6cb9b32
Change-Id: I49811a6cab5416d965ce1da93a71728ad5b1d27c
(cherry picked from commit f7fb767541)
Grzegorz Grasza 2019-01-25 17:25:00 +01:00
parent 853b228357
commit 018b6711a7
1 changed files with 3 additions and 1 deletions


@ -74,7 +74,8 @@ outputs:
tripleo::profile::base::database::redis::tls_proxy_port: 6379
- if:
- use_tls_proxy
- redis_certificate_specs:
- tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
redis_certificate_specs:
service_certificate: '/etc/pki/tls/certs/redis.crt'
service_key: '/etc/pki/tls/private/redis.key'
hostname:
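Review bot: The literal path '/etc/pki/tls/certs/redis.crt' now appears twice in the use_tls_proxy branch, once under tripleo::redis::service_certificate and once under redis_certificate_specs.service_certificate, so a later edit to one can leave the other pointing at a different file. Consider defining the path once and referencing it from both keys, or add a comment beside tripleo::redis::service_certificate stating what consumes it and that it must stay equal to the spec's service_certificate.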
@ -87,6 +88,7 @@ outputs:
template: "redis/%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
- {}
step_config: |
include ::tripleo::profile::base::database::redis
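Review bot: The postsave_cmd line at the end of redis_certificate_specs hard-codes /usr/bin/certmonger-redis-refresh.sh, but this commit changes only this one file and does not add that script, so the setting is correct only on nodes where something else has already installed it. A comment here naming the change that ships the script (the commit message lists a Depends-On) would make the dependency visible to anyone backporting this. It is also worth confirming that the script exits non-zero when the copy or the stunnel reload fails, so that a renewal which did not take effect shows up as a failed post-save command.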