Ensure post-save certmonger scripts target the right HA container

HAProxy and RabbitMQ can reload their TLS certificate on change,
without being restarted. To do that, a post-save script scan the
list of running container, copy the new certs and trigger a reload
action in the service.

Make sure that those post-save script only get the right container
out of the "$container_cli ps" command, i.e. that the scripts Work
both with HA and non-HA deployments.

Change-Id: Iaba8da504f9c7a54656cf1abe259dff779ea7125
Closes-Bug: #1885284
(cherry picked from commit 3e942b7ff5)
This commit is contained in:
Damien Ciabrini 2020-06-26 16:31:11 +02:00
parent 9b02574d3a
commit e0fa5abdf6
2 changed files with 2 additions and 2 deletions

View File

@ -33,7 +33,7 @@ fi
cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem" cat "$service_certificate" "$ca_path" "$service_key" > "$service_pem"
haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep haproxy) haproxy_container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'haproxy(-bundle-.*-[0-9]+)?')
if [ "$ACTION" == "reload" ]; then if [ "$ACTION" == "reload" ]; then
# Refresh the cert at the mount-point # Refresh the cert at the mount-point

View File

@ -3,7 +3,7 @@
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman) container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq) container_name=$($container_cli ps --format="{{.Names}}" | grep -w -E 'rabbitmq(-bundle-.*-[0-9]+)?')
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)" service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"