From 4586911ef793c6b28871963c0a1485d71dee48c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es=20de=20Medeiros?=
Date: Mon, 25 Jan 2021 14:52:27 +0100
Subject: [PATCH] Fix memcached restart on cert renewal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Memcached does not need to be restarted in order to reload new certs, a single refresh_certs command will do. This fix will preserve cached items and avoid cache rebuild.

Change-Id: Ida5faaf4685b111b3b07b4499b24d4ba3b6ec459
Depends-On: I18bda6b9219ab42543f83c46be7763f98e4dfd0e
Signed-off-by: Moisés Guimarães de Medeiros
---
 files/certmonger-memcached-refresh.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/files/certmonger-memcached-refresh.sh b/files/certmonger-memcached-refresh.sh
index 52e191bce..86ddd56d6 100644
--- a/files/certmonger-memcached-refresh.sh
+++ b/files/certmonger-memcached-refresh.sh
@@ -14,5 +14,7 @@ $container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$se
 $container_cli exec "$container_name" chown memcached:memcached "$service_certificate"
 $container_cli exec "$container_name" chown memcached:memcached "$service_key"
-# Trigger a container restart to read the new certificates
-$container_cli restart $container_name
+# Send refresh_certs command to memcached
+memcached_ip="$(hiera -c /etc/puppet/hiera.yaml memcached::listen.0 127.0.0.1)"
+memcached_port="$(hiera -c /etc/puppet/hiera.yaml memcached::tcp_port 11211)"
+echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
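Review bot: The added last line, `echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port`, never checks whether the reload happened, so a failed connection or a rejected command leaves memcached serving the old certificate until it expires, whereas the removed restart always forced a fresh read. I would quote the target and fall back to the old behaviour on failure, `echo refresh_certs | openssl s_client -connect "$memcached_ip:$memcached_port" || $container_cli restart "$container_name"`, and also log memcached's reply, since the exit status probably reflects only the TLS connection and not the command result. The two `hiera` lookups are used without checking that they returned a value, and s_client by default does not fail on an unverified server certificate, so a comment stating that this is acceptable for a local refresh command would help the next reader. The script starts outside this hunk, so any earlier error handling (for example `set -e`) is not visible here.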