Fix rabbitmq certificate reload after it is resubmitted

When certmonger resubmit a certificate, make sure that
the post_save command reads the right hiera key to
update the certificate file into the running rabbitmq
container.

Change-Id: Ic7f66b83611794d41105941c15c32479fe876980
Closes-Bug: #1941727
(cherry picked from commit 42a29d0413)
This commit is contained in:
Damien Ciabrini 2021-08-26 12:53:24 +02:00
parent 7317546c28
commit 48d6566567
1 changed files with 2 additions and 5 deletions

View File

@ -5,8 +5,8 @@ container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
service_crt="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate.service_certificate)"
service_key="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate.service_key)"
service_crt="$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::rabbitmq::certificate_specs.service_certificate)"
service_key="$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::rabbitmq::certificate_specs.service_key)"
if echo "$container_name" | grep -q "^rabbitmq-bundle"; then
# lp#1917868: Do not use podman cp with HA containers as they get
@ -25,9 +25,6 @@ else
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_key" "$service_key"
fi
# Copy the new cert from the mount-point to the real path
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
# Set appropriate permissions
$container_cli exec -u root "$container_name" chown rabbitmq:rabbitmq "$service_crt"
$container_cli exec -u root "$container_name" chown rabbitmq:rabbitmq "$service_key"