Add certmonger-grafana-refresh script

Following the pattern of the other openstack components,
we need the refresh script that trigger a restart of the
ceph grafana container when the certificate gets renewed.
This commit adds also the postsave_cmd in the ceph_grafana
puppet file to reflect the the change.

Change-Id: I91df82eec1715bd7a9d0b1ac44f72dd76f9e54cd
This commit is contained in:
fpantano 2019-08-14 13:50:04 +02:00
parent dcf2263522
commit 13d0dc504e
No known key found for this signature in database
GPG Key ID: 799868C47301D458
2 changed files with 33 additions and 11 deletions

View File

@ -0,0 +1,9 @@
#!/bin/bash
# Get grafana systemd unit
grafana_unit=$(systemctl list-unit-files | awk '/grafana/ {print $1}')
# Restart the grafana systemd unit
if [ -z "$grafana_unit" ]; then
systemctl restart "$grafana_unit"
fi

View File

@ -1,4 +1,4 @@
# Copyright 2017 Red Hat, Inc. # Copyright 2019 Red Hat, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain # not use this file except in compliance with the License. You may obtain
@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# #
# == Class: tripleo::certmonger::ceph_grafana-server # == Class: tripleo::certmonger::ceph_grafana
# #
# Request a certificate for RabbitMQ and do the necessary setup. # Request a certificate for RabbitMQ and do the necessary setup.
# #
@ -31,6 +31,10 @@
# (Optional) The CA that certmonger will use to generate the certificates. # (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local'). # Defaults to hiera('certmonger_ca', 'local').
# #
# [*postsave_cmd*]
# (Optional) Specifies the command to execute after requesting a certificate.
# Defaults to undef.
#
# [*principal*] # [*principal*]
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
@ -39,20 +43,29 @@ class tripleo::certmonger::ceph_grafana (
$hostname, $hostname,
$service_certificate, $service_certificate,
$service_key, $service_key,
$postsave_cmd = undef,
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef, $principal = undef,
) { ) {
ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', {
source => 'puppet:///modules/tripleo/certmonger-grafana-refresh.sh',
mode => '0700',
seltype => 'bin_t',
notify => Service['certmonger']
})
certmonger_certificate { 'ceph_grafana' : certmonger_certificate { 'ceph_grafana' :
ensure => 'present', ensure => 'present',
certfile => $service_certificate, certfile => $service_certificate,
keyfile => $service_key, keyfile => $service_key,
hostname => $hostname, hostname => $hostname,
dnsname => $hostname, dnsname => $hostname,
principal => $principal, principal => $principal,
ca => $certmonger_ca, postsave_cmd => $postsave_cmd,
wait => true, ca => $certmonger_ca,
require => Class['::certmonger'], wait => true,
require => Class['::certmonger'],
} }
file { $service_certificate : file { $service_certificate :