Ensure post-save certmonger scripts target the right HA container
HAProxy and RabbitMQ can reload their TLS certificate on change,
without being restarted. To do that, a post-save script scan the
list of running container, copy the new certs and trigger a reload
action in the service.
Make sure that those post-save script only get the right container
out of the "$container_cli ps" command, i.e. that the scripts Work
both with HA and non-HA deployments.
Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
(cherry picked from commit 3e942b7ff5
)
This commit is contained in:
parent
9b02574d3a
commit
e0fa5abdf6
|
@ -33,7 +33,7 @@ fi
|
||||||
|
|
||||||
cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
|
cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
|
||||||
|
|
||||||
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy)
|
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')
|
||||||
|
|
||||||
if [ "$ACTION" == "reload" ]; then
|
if [ "$ACTION" == "reload" ]; then
|
||||||
# Refresh the cert at the mount-point
|
# Refresh the cert at the mount-point
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
|
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
|
||||||
|
|
||||||
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
|
container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
|
||||||
|
|
||||||
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
|
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue