623f448392
Adding certification generation and pass it down to puppet-memcached. NOTE(moguimar): Squashing one extra fix that was merged after the first patch made it into master. Squashes: - Fix memcached restart on cert renewal (cherry picked from commit 4586911ef793c6b28871963c0a1485d71dee48c6) Conflicts: manifests/profile/base/memcached.pp Note: Relative names were replaced by absolute names to pass the lint tests for stable/train. Change-Id: I8eb2b45e8868b99dfe402fee514afa8f8c42f086 (cherry picked from commit b0b7b4069aa90080761edb83c65174b116ba5fbb) (cherry picked from commit 91033038161c1c85d35a40e99e521140fe85e25a)
21 lines
1.1 KiB
Bash
21 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
container_cli=$(hiera -c /etc/puppet/hiera.yaml container_cli podman)
|
|
container_name=$($container_cli ps --format="{{.Names}}" | grep metrics_qdr)
|
|
|
|
service_certificate="$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::memcached::certificate_specs.service_certificate)"
|
|
service_key="$(hiera -c /etc/puppet/hiera.yaml tripleo::profile::base::memcached::certificate_specs.service_key)"
|
|
|
|
# Copy the new cert and key from the mount-point to the real path
|
|
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_certificate" "$service_certificate"
|
|
$container_cli exec "$container_name" cp "/var/lib/kolla/config_files/src-tls$service_key" "$service_key"
|
|
|
|
# Set appropriate permissions
|
|
$container_cli exec "$container_name" chown qdrouterd:qdrouterd "$service_certificate"
|
|
$container_cli exec "$container_name" chown qdrouterd:qdrouterd "$service_key"
|
|
|
|
# Send refresh_certs command to memcached
|
|
memcached_ip="$(hiera -c /etc/puppet/hiera.yaml memcached::listen.0 127.0.0.1)"
|
|
memcached_port="$(hiera -c /etc/puppet/hiera.yaml memcached::tcp_port 11211)"
|
|
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
|