TLS everywhere: Set post-save command for RabbitMQ
The default command wasn't working, here we set one that will actually work.
The script additionally copies the certificates in the right place
and instead of restarting RabbitMQ, it triggers a pem cache reload.
Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Id06633a1adaafe1fef1d3d7f6b2af3ef5ffc9d4a
Change-Id: I3e564f9a5abdbf11d0580c4ff801092f32bcc678
(cherry picked from commit 03c54b8067
)
This commit is contained in:
parent
6be616a38c
commit
a1430fbf60
|
@ -112,6 +112,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -125,6 +126,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
|
@ -113,6 +113,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -126,6 +127,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
|
@ -160,6 +160,7 @@ outputs:
|
|||
if:
|
||||
- internal_tls_enabled
|
||||
- generate_service_certificates: true
|
||||
tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
tripleo::profile::base::rabbitmq::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
|
||||
service_key: '/etc/pki/tls/private/rabbitmq.key'
|
||||
|
@ -173,6 +174,7 @@ outputs:
|
|||
template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::rabbitmq
|
||||
|
|
Loading…
Reference in New Issue