From ddf216332ff9a7e8378c78e3e59271ce21719c62 Mon Sep 17 00:00:00 2001 From: Damien Ciabrini Date: Fri, 26 Jun 2020 16:31:11 +0200 Subject: [PATCH] Ensure post-save certmonger scripts target the right HA container HAProxy and RabbitMQ can reload their TLS certificate on change, without being restarted. To do that, a post-save script scan the list of running container, copy the new certs and trigger a reload action in the service. Make sure that those post-save script only get the right container out of the "$container_cli ps" command, i.e. that the scripts Work both with HA and non-HA deployments. Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125 Closes-Bug: #1885284 (cherry picked from commit 3e942b7ff5cc91bfee7cc19d31b502548dcf3f57) (cherry picked from commit e0fa5abdf69f4cb7f80bb40c858eef4f7601dea5) --- files/certmonger-haproxy-refresh.sh | 2 +- files/certmonger-rabbitmq-refresh.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/certmonger-haproxy-refresh.sh b/files/certmonger-haproxy-refresh.sh index a73dc5d3c..3e89cfef0 100644 --- a/files/certmonger-haproxy-refresh.sh +++ b/files/certmonger-haproxy-refresh.sh @@ -33,7 +33,7 @@ fi cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem" -haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy) +haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?') if [ "$ACTION" == "reload" ]; then # Refresh the cert at the mount-point diff --git a/files/certmonger-rabbitmq-refresh.sh b/files/certmonger-rabbitmq-refresh.sh index 3ec4fec8c..fa72e6744 100644 --- a/files/certmonger-rabbitmq-refresh.sh +++ b/files/certmonger-rabbitmq-refresh.sh 
@@ -3,7 +3,7 @@ container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker) -container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq) +container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?') service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
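Review bot: In files/certmonger-haproxy-refresh.sh, the new pattern 'haproxy(-bundle-.*-[0-9]+)?' is not anchored, and with -w the hyphen counts as a word boundary. The bare word haproxy therefore still satisfies the match anywhere in a name, so the optional bundle group adds no restriction: a name such as foo-haproxy-bar would be selected just as haproxy-bundle-docker-0 is. The change does exclude names where haproxy is joined by an underscore or alphanumerics. If the intent is to accept only "haproxy" or "haproxy-bundle-<engine>-<n>", match the whole line instead, for example grep -x -E 'haproxy(-bundle-.*-[0-9]+)?', and consider tightening the .* to a character class without whitespace. The commit message should also state which unwanted container names the old grep picked up, so the regex can be checked against them.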
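Review bot: In files/certmonger-rabbitmq-refresh.sh, container_name is assigned from the grep output and the visible context moves straight on to service_pem, with no check that exactly one name came back. Since the point of the change is to target the right container, an empty result or a multi-line result should fail loudly before the cert copy and reload run, for example by counting the lines in container_name and exiting non-zero with a message unless there is exactly one. The regex is also a copy of the one in the haproxy script with only the service name changed; a short comment above it explaining the HA naming scheme (name-bundle-<engine>-<replica>) would keep the two copies from drifting apart.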