TLS everywhere: Set post-save command for redis
The default command wasn't working, here we set one that will actually work.
The script additionally copies the certificates in the right place
and instead of restarting stunnel, triggers a configuration reload.
Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I437d69fef45d1662e8908c5ca0f7063be6cb9b32
Change-Id: I49811a6cab5416d965ce1da93a71728ad5b1d27c
(cherry picked from commit f7fb767541
)
This commit is contained in:
parent
853b228357
commit
018b6711a7
|
@ -74,7 +74,8 @@ outputs:
|
|||
tripleo::profile::base::database::redis::tls_proxy_port: 6379
|
||||
- if:
|
||||
- use_tls_proxy
|
||||
- redis_certificate_specs:
|
||||
- tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
|
||||
redis_certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/redis.crt'
|
||||
service_key: '/etc/pki/tls/private/redis.key'
|
||||
hostname:
|
||||
|
@ -87,6 +88,7 @@ outputs:
|
|||
template: "redis/%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::database::redis
|
||||
|
|
Loading…
Reference in New Issue