From 4fccd71076c5b7e1e523b711840edb3ee3342776 Mon Sep 17 00:00:00 2001 From: Samuel Walladge Date: Fri, 17 Jun 2022 08:37:29 +0930 Subject: [PATCH] Reload vault on configure Always reload reload on configure. This ensures any certificates changed on disk will be reloaded. (Such as the tcp listener certificate files.) Closes-Bug: #1912261 Change-Id: Ic254f38d86c0e8323ed10a2eaa22462797d48605 --- src/reactive/vault_handlers.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/reactive/vault_handlers.py b/src/reactive/vault_handlers.py index 68ecd36..2baed15 100644 --- a/src/reactive/vault_handlers.py +++ b/src/reactive/vault_handlers.py @@ -43,6 +43,7 @@ from charmhelpers.core.hookenv import ( from charmhelpers.core.host import ( service, + service_reload, service_restart, service_running, write_file, @@ -238,6 +239,12 @@ def configure_vault(context): if any_file_changed([VAULT_CONFIG, VAULT_SYSTEMD_CONFIG]): # force a restart if config has changed clear_flag('started') + else: + # If vault isn't going to be totally restarted, reload it. + # This will pick up things like certificates changed on disk. + # It is inexpensive and doesn't cause vault to be resealed, + # so we can always reload it here. + service_reload(service_name='vault') @when_not("is-update-status-hook")