From 13d0dc504e68bec23e5a016e33fe9a8cd34e59f2 Mon Sep 17 00:00:00 2001
From: fpantano <fpantano@redhat.com>
Date: Wed, 14 Aug 2019 13:50:04 +0200
Subject: [PATCH] Add certmonger-grafana-refresh script

Following the pattern of the other openstack components,
we need the refresh script that trigger a restart of the
ceph grafana container when the certificate gets renewed.
This commit adds also the postsave_cmd in the ceph_grafana
puppet file to reflect the the change.

Change-Id: I91df82eec1715bd7a9d0b1ac44f72dd76f9e54cd
---
 files/certmonger-grafana-refresh.sh  |  9 +++++++
 manifests/certmonger/ceph_grafana.pp | 35 +++++++++++++++++++---------
 2 files changed, 33 insertions(+), 11 deletions(-)
 create mode 100644 files/certmonger-grafana-refresh.sh

diff --git a/files/certmonger-grafana-refresh.sh b/files/certmonger-grafana-refresh.sh
new file mode 100644
index 000000000..fb1680c8d
--- /dev/null
+++ b/files/certmonger-grafana-refresh.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Get grafana systemd unit
+grafana_unit=$(systemctl list-unit-files | awk '/grafana/ {print $1}')
+
+# Restart the grafana systemd unit
+if [ -z "$grafana_unit" ]; then
+    systemctl restart "$grafana_unit"
+fi
diff --git a/manifests/certmonger/ceph_grafana.pp b/manifests/certmonger/ceph_grafana.pp
index 8cd80e286..acc232721 100644
--- a/manifests/certmonger/ceph_grafana.pp
+++ b/manifests/certmonger/ceph_grafana.pp
@@ -1,4 +1,4 @@
-# Copyright 2017 Red Hat, Inc.
+# Copyright 2019 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 #
-# == Class: tripleo::certmonger::ceph_grafana-server
+# == Class: tripleo::certmonger::ceph_grafana
 #
 # Request a certificate for RabbitMQ and do the necessary setup.
 #
@@ -31,6 +31,10 @@
 #   (Optional) The CA that certmonger will use to generate the certificates.
 #   Defaults to hiera('certmonger_ca', 'local').
 #
+# [*postsave_cmd*]
+#   (Optional) Specifies the command to execute after requesting a certificate.
+#   Defaults to undef.
+#
 # [*principal*]
 #   (Optional) The service principal that is set for the service in kerberos.
 #   Defaults to undef
@@ -39,20 +43,29 @@ class tripleo::certmonger::ceph_grafana (
   $hostname,
   $service_certificate,
   $service_key,
+  $postsave_cmd = undef,
   $certmonger_ca = hiera('certmonger_ca', 'local'),
   $principal     = undef,
 ) {
 
+  ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', {
+    source  => 'puppet:///modules/tripleo/certmonger-grafana-refresh.sh',
+    mode    => '0700',
+    seltype => 'bin_t',
+    notify  => Service['certmonger']
+  })
+
   certmonger_certificate { 'ceph_grafana' :
-    ensure    => 'present',
-    certfile  => $service_certificate,
-    keyfile   => $service_key,
-    hostname  => $hostname,
-    dnsname   => $hostname,
-    principal => $principal,
-    ca        => $certmonger_ca,
-    wait      => true,
-    require   => Class['::certmonger'],
+    ensure       => 'present',
+    certfile     => $service_certificate,
+    keyfile      => $service_key,
+    hostname     => $hostname,
+    dnsname      => $hostname,
+    principal    => $principal,
+    postsave_cmd => $postsave_cmd,
+    ca           => $certmonger_ca,
+    wait         => true,
+    require      => Class['::certmonger'],
   }
 
   file { $service_certificate :