
Ensure post-save certmonger scripts target the right HA container

HAProxy and RabbitMQ can reload their TLS certificate on change,
without being restarted. To do that, a post-save script scans the
list of running containers, copies the new certs and triggers a reload
action in the service.

Make sure that those post-save scripts only get the right container
out of the "$container_cli ps" command, i.e. that the scripts work
both with HA and non-HA deployments.

Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
(cherry picked from commit 3e942b7ff5)
tags/12.4.0
Damien Ciabrini 1 month ago
parent
commit
e0fa5abdf6
2 changed files with 2 additions and 2 deletions
  1. files/certmonger-haproxy-refresh.sh (+1, -1)
  2. files/certmonger-rabbitmq-refresh.sh (+1, -1)

files/certmonger-haproxy-refresh.sh (+1, -1)

@@ -33,7 +33,7 @@ fi

cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"

haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')

if [ "$ACTION" == "reload" ]; then
# Refresh the cert at the mount-point
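
Review bot: the new pattern on the `haproxy_container_name=` line is still not anchored to the whole name. `-w` only requires a non-word character on each side of the match, and `-` counts as one, so a bare `haproxy` match still succeeds inside any running container whose name has `haproxy` delimited by hyphens (a sidecar named `haproxy-<something>`, for example), and the optional `(-bundle-.*-[0-9]+)?` group does not restrict that. Since the selected container is where the new certificate and key get copied, consider matching the full line instead, e.g. `grep -x -E 'haproxy(-bundle-.*-[0-9]+)?'`, so only the exact non-HA name or the bundle replica name is accepted.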


files/certmonger-rabbitmq-refresh.sh (+1, -1)

@@ -3,7 +3,7 @@

container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)

container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')

service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
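
Review bot: nothing after the `container_name=` assignment checks that exactly one name came back. If the `grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?'` filter matches more than one running container, `container_name` holds several newline-separated names, and if it matches none the variable is empty; either way the later copy and reload steps would run against the wrong target or fail in a confusing way. Suggest failing early with a clear message when the result is empty or has more than one line, and using `-x` rather than `-w` so that only the exact `rabbitmq` or `rabbitmq-bundle-...-N` name is selected. The same expression shape is duplicated in the haproxy script, so a short comment explaining the HA bundle naming it is meant to match would help keep the two in sync.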


