86eab6ce8c
Since Stein (OSP-15), we're using podman by default. We therefore must reflect this in certmonger refresh secripts. Change-Id: I377511aa0be7efbf58cd2a70e8b9a774bb679f61
18 lines
669 B
Bash
18 lines
669 B
Bash
#!/bin/bash
|
|
|
|
|
|
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
|
|
|
|
container_name=$($container_cli ps --format="{{.Names}}" | grep rabbitmq)
|
|
|
|
service_pem="$(hiera -c /etc/puppet/hiera.yaml tripleo::rabbitmq::service_certificate)"
|
|
|
|
# Copy the new cert from the mount-point to the real path
|
|
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_pem" "$service_pem"
|
|
|
|
# Set appropriate permissions
|
|
$container_cli exec "$container_name" chown rabbitmq:rabbitmq "$service_pem"
|
|
|
|
# Trigger a pem cache clear in RabbitMQ to read the new certificates
|
|
$container_cli exec $container_name rabbitmqctl eval "ssl:clear_pem_cache()."
|