Browse Source

Fix memcached restart on cert renewal

Memcached does not need to be restarted in order to reload new certs,
a single refresh_certs command will do. This fix will preserve cached
items and avoid cache rebuild.

Change-Id: Ida5faaf4685b111b3b07b4499b24d4ba3b6ec459
Depends-On: I18bda6b9219ab42543f83c46be7763f98e4dfd0e
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
changes/44/772344/2
Moisés Guimarães de Medeiros 3 months ago
parent
commit
4586911ef7
1 changed files with 4 additions and 2 deletions
  1. +4
    -2
      files/certmonger-memcached-refresh.sh

+ 4
- 2
files/certmonger-memcached-refresh.sh View File

@ -14,5 +14,7 @@ $container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$se
$container_cli exec "$container_name" chown memcached:memcached "$service_certificate"
$container_cli exec "$container_name" chown memcached:memcached "$service_key"
# Trigger a container restart to read the new certificates
$container_cli restart $container_name
# Send refresh_certs command to memcached
memcached_ip="$(hiera -c /etc/puppet/hiera.yaml memcached::listen.0 127.0.0.1)"
memcached_port="$(hiera -c /etc/puppet/hiera.yaml memcached::tcp_port 11211)"
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port

Loading…
Cancel
Save