openstack/puppet-tripleo
Code Issues Proposed changes

novnc-proxy: Remove default post-save command for certmonger

Browse Source 
The default command didn't work, so we need to fix that.

Related-Bug: #1811401
Needed-By: Idc0844c8726aa53bc4cbd55f902248f854d2464f
Change-Id: Ifacbee9e31d84be1008ab7545defac71cf65793f
This commit is contained in:
Grzegorz Grasza
2019-01-25 18:16:01 +01:00
parent 4949d5901b
commit e6306badac
2 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
files/certmonger-novnc-proxy-refresh.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli docker)
container_name=$($container_cli ps --format="{{.Names}}" | grep nova_vnc_proxy)
service_crt="$(hiera -c /etc/puppet/hiera.yaml nova::cert)"
service_key="$(hiera -c /etc/puppet/hiera.yaml nova::key)"
# Copy the new cert from the mount-point to the real path
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_crt" "$service_crt"
# Copy the new key from the mount-point to the real path
$container_cli exec -u root "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_key" "$service_key"
# No need to trigger a reload for novnc proxy since the cert is not cached

10
manifests/certmonger/novnc_proxy.pp
View File

@@ -36,7 +36,6 @@
# #
# [*postsave_cmd*] # [*postsave_cmd*]
# (Optional) Specifies the command to execute after requesting a certificate. # (Optional) Specifies the command to execute after requesting a certificate.
# If nothing is given, it will default to: "systemctl restart ${service name}"
# Defaults to undef. # Defaults to undef.
# #
# [*principal*] # [*principal*]
@@ -61,7 +60,12 @@ class tripleo::certmonger::novnc_proxy (
$notify_service_real = pick($notify_service, $::nova::params::vncproxy_service_name) $notify_service_real = pick($notify_service, $::nova::params::vncproxy_service_name)
$postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::nova::params::vncproxy_service_name}") ensure_resource('file', '/usr/bin/certmonger-novnc-proxy-refresh.sh', {
source => 'puppet:///modules/tripleo/certmonger-novnc-proxy-refresh.sh',
mode => '0700',
seltype => 'bin_t',
notify => Service['certmonger']
})
certmonger_certificate { 'novnc-proxy' : certmonger_certificate { 'novnc-proxy' :
ensure => 'present', ensure => 'present',
@@ -70,7 +74,7 @@ class tripleo::certmonger::novnc_proxy (
hostname => $hostname, hostname => $hostname,
dnsname => $hostname, dnsname => $hostname,
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd_real, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
wait => true, wait => true,
tag => 'novnc-proxy', tag => 'novnc-proxy',