neutron dhcpd: Add script for certmonger postsave_cmd

The default update procedure didn't work, so we are fixing that.

Related-Bug: #1811401
Needed-By: I449df13ea2c49a8cf6d2e8e632b2b39707071c52
Change-Id: I9954cf33efedf2ec3dfb03109595cd4431feff60
Grzegorz Grasza 2019-02-01 17:00:01 +01:00
parent e6306badac
commit 7cc4a3da6f
2 changed files with 28 additions and 1 deletions


@ -0,0 +1,21 @@
#!/bin/bash
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
container_name=$($container_cli ps --format="{{.Names}}" | grep neutron_dhcp)
# The certificate is also installed on the computes, but neutron_dhcp is only
# present on the controllers, so we exit if the container could not be found.
[[ -z $container_name ]] && exit 0
service_crt="$(hiera -c /etc/puppet/hiera.yaml neutron::agents::dhcp::ovsdb_agent_ssl_cert_file)"
service_key="$(hiera -c /etc/puppet/hiera.yaml neutron::agents::dhcp::ovsdb_agent_ssl_key_file)"
# Copy the new cert from the mount-point to the real path
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_crt" "$service_crt"
# Copy the new key from the mount-point to the real path
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_key" "$service_key"
# No need to trigger a reload for neutron dhcpd since the cert is not cached
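Review bot: Neither `cp` in the two `$container_cli exec -u root` lines is checked, so if the certificate copy fails and the key copy succeeds (or the reverse) the container is left with a mismatched pair, and the script's exit status reflects only the key copy. Appending `|| exit 1` to each of those lines would make the failure visible to the caller. The `hiera` results in `service_crt` and `service_key` are also used without a non-empty check, which a guard such as `[[ -n $service_crt && -n $service_key ]] || exit 1` before the copies would cover. The unanchored `grep neutron_dhcp` may return more than one name, in which case the quoted `"$container_name"` would not be a valid container. It is also worth confirming the key's owner and mode at the destination, since `cp` as root creates a missing target with root's default umask.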


@ -33,7 +33,6 @@
#
# [*postsave_cmd*]
# (Optional) Specifies the command to execute after requesting a certificate.
# Defaults to 'if systemctl -q is-active opendaylight; then systemctl restart opendaylight; else true; fi'
#
# [*principal*]
# (Optional) The haproxy service principal that is set for neutron in kerberos.
@ -49,6 +48,13 @@ class tripleo::certmonger::neutron (
) {
include ::certmonger
ensure_resource('file', '/usr/bin/certmonger-neutron-dhcpd-refresh.sh', {
source => 'puppet:///modules/tripleo/certmonger-neutron-dhcpd-refresh.sh',
mode => '0700',
seltype => 'bin_t',
notify => Service['certmonger']
})
certmonger_certificate { 'neutron' :
ensure => 'present',
certfile => $service_certificate,
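Review bot: The `file` resource for `/usr/bin/certmonger-neutron-dhcpd-refresh.sh` sets `mode => '0700'` and `seltype => 'bin_t'` but no `owner` or `group`, so ownership is left to whichever user the Puppet run happens to use. The script it installs runs `exec -u root` commands in the container and copies a private key, so the intended ownership is worth pinning explicitly by adding `owner => 'root',` and `group => 'root',` to the attribute hash. The `certmonger_certificate { 'neutron' :` resource continues outside the hunk, so whether `postsave_cmd` is wired to this script cannot be checked from here.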