From 3e942b7ff5cc91bfee7cc19d31b502548dcf3f57 Mon Sep 17 00:00:00 2001
From: Damien Ciabrini
Date: Fri, 26 Jun 2020 16:31:11 +0200
Subject: [PATCH] Ensure post-save certmonger scripts target the right HA container HAProxy and RabbitMQ can reload their TLS certificate on change, without being restarted. To do that, a post-save script scan the list of running container, copy the new certs and trigger a reload action in the service. Make sure that those post-save script only get the right container out of the "$container_cli ps" command, i.e. that the scripts Work both with HA and non-HA deployments.
Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
---
 files/certmonger-haproxy-refresh.sh | 2 +-
 files/certmonger-rabbitmq-refresh.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/certmonger-haproxy-refresh.sh b/files/certmonger-haproxy-refresh.sh
index 4a8c82d18..8e83355a3 100644
--- a/files/certmonger-haproxy-refresh.sh
+++ b/files/certmonger-haproxy-refresh.sh
@@ -33,7 +33,7 @@ fi
 cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
-haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
+haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')
 if [ "$ACTION" == "reload" ]; then # Copy the new cert from the mount-point to the real path
diff --git a/files/certmonger-rabbitmq-refresh.sh b/files/certmonger-rabbitmq-refresh.sh
index 6658b5e64..9175727ab 100644
--- a/files/certmonger-rabbitmq-refresh.sh
+++ b/files/certmonger-rabbitmq-refresh.sh
@@ -3,7 +3,7 @@ container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
-container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
+container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
 service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
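Review bot: The new `grep -w -E 'haproxy(-bundle-.*-[0-9]+)?'` on the `haproxy_container_name=` line in files/certmonger-haproxy-refresh.sh is still unanchored: `-` is not a word character, so `-w` accepts `haproxy` as a hyphen-delimited component anywhere in a name, and the optional group does not narrow the selection. Any other running container whose name carries `haproxy` as a component would still be returned, possibly together with the intended one, and this script has just written the service key into `"$service_pem"` before acting on that name. Match the whole name with `grep -x -E 'haproxy(-bundle-.*-[0-9]+)?'` and stop with an error when the result is empty or spans more than one line; the `if [ "$ACTION" == "reload" ]` block that uses the name continues past the end of the hunk, so how the value is consumed is not visible here. The `container_name=` line in files/certmonger-rabbitmq-refresh.sh has the same issue with `rabbitmq`.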