TLS everywhere: Set post-save command for RabbitMQ

The default command wasn't working, here we set one that will actually work. The script additionally copies the certificates in the right place and instead of restarting RabbitMQ, it triggers a pem cache reload. Related-Bug: #1811401 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Id06633a1adaafe1fef1d3d7f6b2af3ef5ffc9d4a Change-Id: I3e564f9a5abdbf11d0580c4ff801092f32bcc678
2019-01-25 15:32:58 +01:00 · 2019-01-25 15:32:58 +01:00 · 03c54b8067
parent 514f99c575
commit 03c54b8067
3 changed files with 6 additions and 0 deletions
--- a/puppet/services/messaging/notify-rabbitmq.yaml
+++ b/puppet/services/messaging/notify-rabbitmq.yaml
@ -112,6 +112,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -125,6 +126,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
--- a/puppet/services/messaging/rpc-rabbitmq.yaml
+++ b/puppet/services/messaging/rpc-rabbitmq.yaml
@ -113,6 +113,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -126,6 +127,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@ -160,6 +160,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -173,6 +174,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq