TLS everywhere: Set post-save command for RabbitMQ

The default command wasn't working, here we set one that will actually work. The script additionally copies the certificates in the right place and instead of restarting RabbitMQ, it triggers a pem cache reload. Related-Bug: #1811401 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Id06633a1adaafe1fef1d3d7f6b2af3ef5ffc9d4a Change-Id: I3e564f9a5abdbf11d0580c4ff801092f32bcc678 (cherry picked from commit 03c54b8067)
2019-01-25 15:32:58 +01:00 · 2019-01-25 15:32:58 +01:00 · a1430fbf60
parent 6be616a38c
commit a1430fbf60
3 changed files with 6 additions and 0 deletions
--- a/puppet/services/messaging/notify-rabbitmq.yaml
+++ b/puppet/services/messaging/notify-rabbitmq.yaml
@ -112,6 +112,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -125,6 +126,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
--- a/puppet/services/messaging/rpc-rabbitmq.yaml
+++ b/puppet/services/messaging/rpc-rabbitmq.yaml
@ -113,6 +113,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -126,6 +127,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@ -160,6 +160,7 @@ outputs:
            if:
            - internal_tls_enabled
            - generate_service_certificates: true
+              tripleo::rabbitmq::service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
              tripleo::profile::base::rabbitmq::certificate_specs:
                service_certificate: '/etc/pki/tls/certs/rabbitmq.crt'
                service_key: '/etc/pki/tls/private/rabbitmq.key'
@ -173,6 +174,7 @@ outputs:
                    template: "rabbitmq/%{hiera('fqdn_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+                postsave_cmd: "/usr/bin/certmonger-rabbitmq-refresh.sh"
            - {}
      step_config: |
        include ::tripleo::profile::base::rabbitmq