openstack/puppet-tripleo
Code Issues Proposed changes

Ensure post-save certmonger scripts target the right HA container

Browse Source 
HAProxy and RabbitMQ can reload their TLS certificate on change,
without being restarted. To do that, a post-save script scan the
list of running container, copy the new certs and trigger a reload
action in the service.

Make sure that those post-save script only get the right container
out of the "$container_cli ps" command, i.e. that the scripts Work
both with HA and non-HA deployments.

Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
(cherry picked from commit 3e942b7ff5cc91bfee7cc19d31b502548dcf3f57)
(cherry picked from commit e0fa5abdf69f4cb7f80bb40c858eef4f7601dea5)
This commit is contained in:
Damien Ciabrini 2020-06-26 16:31:11 +02:00
parent a0725f8645
commit ddf216332f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/certmonger-haproxy-refresh.sh
View File

@ -33,7 +33,7 @@ fi
cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')
if [ "$ACTION" == "reload" ]; then
# Refresh the cert at the mount-point

2
files/certmonger-rabbitmq-refresh.sh
View File

@ -3,7 +3,7 @@
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"