TLS everywhere: Set post-save command for httpd

The default command wasn't working, so here we set one that will actually work. httpd is a fairly simple instance, since the certs are mounted from the directory (and not the individual certs). So there is no need to copy anything to the container or do any post-processing. All we need to do is tell httpd to load the new certs. Related-Bug: #1811401 Depends-On: I642f48aa0e66ca57de2ecee921c798747ba41e1a Change-Id: I862f0d15f769167c8b5d27cf302b7087b8fad0ab (cherry picked from commit 514f99c575)
2019-01-25 11:18:15 +02:00 · 2019-01-25 11:18:15 +02:00 · 6be616a38c
parent 64e564aaf1
commit 6be616a38c
1 changed files with 1 additions and 0 deletions
--- a/puppet/services/apache.j2.yaml
+++ b/puppet/services/apache.j2.yaml
@ -117,6 +117,7 @@ outputs:
                        service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
                        hostname: "%{hiera('fqdn_NETWORK')}"
                        principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+                        postsave_cmd: "pkill -USR1 httpd"
                    for_each:
                      NETWORK: {get_attr: [ApacheNetworks, value]}
            - {}