TLS everywhere: Set post-save command for httpd

The default command wasn't working, so here we set one that will actually work. httpd is a fairly simple instance, since the certs are mounted from the directory (and not the individual certs). So there is no need to copy anything to the container or do any post-processing. All we need to do is tell httpd to load the new certs. Related-Bug: #1811401 Depends-On: I642f48aa0e66ca57de2ecee921c798747ba41e1a Change-Id: I862f0d15f769167c8b5d27cf302b7087b8fad0ab
2019-01-25 11:18:15 +02:00 · 2019-01-25 11:18:15 +02:00 · 514f99c575
parent 4a2c63242d
commit 514f99c575
1 changed files with 1 additions and 0 deletions
--- a/puppet/services/apache.j2.yaml
+++ b/puppet/services/apache.j2.yaml
@ -114,6 +114,7 @@ outputs:
                        service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
                        hostname: "%{hiera('fqdn_NETWORK')}"
                        principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+                        postsave_cmd: "pkill -USR1 httpd"
                    for_each:
                      NETWORK: {get_attr: [ApacheNetworks, value]}
            - {}