
Ensure post-save certmonger scripts target the right HA container

HAProxy and RabbitMQ can reload their TLS certificate on change,
without being restarted. To do that, a post-save script scans the
list of running containers, copies the new certs and triggers a reload
action in the service.

Make sure that those post-save scripts only get the right container
out of the "$container_cli ps" command, i.e. that the scripts work
both with HA and non-HA deployments.

Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
changes/15/738215/1
Damien Ciabrini 1 year ago
parent
commit
3e942b7ff5
  1. 2
      files/certmonger-haproxy-refresh.sh
  2. 2
      files/certmonger-rabbitmq-refresh.sh

2
files/certmonger-haproxy-refresh.sh

@ -33,7 +33,7 @@ fi
cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')
if [ "$ACTION" == "reload" ]; then
# Copy the new cert from the mount-point to the real path
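
Review bot: The new grep on the haproxy_container_name line uses -w, which only requires non-word characters around the match, and "-" is a non-word character, so a container named with "haproxy" as one hyphen-separated component (a constructed example: "haproxy-init" or "foo-haproxy") still matches on the bare "haproxy" alternative. If the intent is to accept only the exact name "haproxy" or a "haproxy-bundle-...-N" name, match the whole line instead, for example with grep -x -E and the same pattern, so the optional group actually constrains what follows "haproxy".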

2
files/certmonger-rabbitmq-refresh.sh

@ -3,7 +3,7 @@
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
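
Review bot: Nothing in the visible lines after the container_name assignment checks that the grep returned exactly one name; with -w the pattern can still match several hyphen-separated names, and it can match none, so container_name may hold multiple newline-separated names or be empty when it is later used to copy the certificate and trigger the reload. Consider failing early with a clear message unless exactly one line came back. As a style point, the same 'name(-bundle-.*-[0-9]+)?' expression is now duplicated in both refresh scripts, so a short comment explaining the HA bundle naming it targets would help keep the two in sync.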
