TLS everywhere: Set post-save command for RabbitMQ
The default command wasn't working, here we set one that will actually work. The script additionally copies the certificates in the right place and instead of restarting RabbitMQ, it triggers a pem cache reload. Related-Bug: #1811401 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Id06633a1adaafe1fef1d3d7f6b2af3ef5ffc9d4a Change-Id: I3e564f9a5abdbf11d0580c4ff801092f32bcc678
This commit is contained in:
parent
514f99c575
commit
03c54b8067
|
@ -112,6 +112,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -125,6 +126,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
|
@ -113,6 +113,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -126,6 +127,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
|
@ -160,6 +160,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -173,6 +174,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
Loading…
Reference in New Issue