neutron dhcpd: Add script for certmonger postsave_cmd
The default update procedure didn't work, so are fixing that. Related-Bug: #1811401 Needed-By: I449df13ea2c49a8cf6d2e8e632b2b39707071c52 Change-Id: I9954cf33efedf2ec3dfb03109595cd4431feff60
This commit is contained in:
parent
e6306badac
commit
7cc4a3da6f
21
files/certmonger-neutron-dhcpd-refresh.sh
Normal file
21
files/certmonger-neutron-dhcpd-refresh.sh
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
|
||||
|
||||
container_name=$($container_cli ps --format="{{.Names}}" | grep neutron_dhcp)
|
||||
|
||||
# The certificate is also installed on the computes, but neutron_dhcp is only
|
||||
# present on the controllers, so we exit if the container could not be found.
|
||||
[[ -z $container_name ]] && exit 0
|
||||
|
||||
service_crt="$(hiera -c /etc/puppet/hiera.yaml neutron::agents::dhcp::ovsdb_agent_ssl_cert_file)"
|
||||
service_key="$(hiera -c /etc/puppet/hiera.yaml neutron::agents::dhcp::ovsdb_agent_ssl_key_file)"
|
||||
|
||||
# Copy the new cert from the mount-point to the real path
|
||||
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_crt" "$service_crt"
|
||||
|
||||
# Copy the new key from the mount-point to the real path
|
||||
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_key" "$service_key"
|
||||
|
||||
# No need to trigger a reload for neutron dhcpd since the cert is not cached
|
@ -33,7 +33,6 @@
|
||||
#
|
||||
# [*postsave_cmd*]
|
||||
# (Optional) Specifies the command to execute after requesting a certificate.
|
||||
# Defaults to 'if systemctl -q is-active opendaylight; then systemctl restart opendaylight; else true; fi'
|
||||
#
|
||||
# [*principal*]
|
||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||
@ -49,6 +48,13 @@ class tripleo::certmonger::neutron (
|
||||
) {
|
||||
include ::certmonger
|
||||
|
||||
ensure_resource('file', '/usr/bin/certmonger-neutron-dhcpd-refresh.sh', {
|
||||
source => 'puppet:///modules/tripleo/certmonger-neutron-dhcpd-refresh.sh',
|
||||
mode => '0700',
|
||||
seltype => 'bin_t',
|
||||
notify => Service['certmonger']
|
||||
})
|
||||
|
||||
certmonger_certificate { 'neutron' :
|
||||
ensure => 'present',
|
||||
certfile => $service_certificate,
|
||||
|
Loading…
Reference in New Issue
Block a user