TLS everywhere: Set post-save command for redis

The default command wasn't working; here we set one that will actually work.

The script additionally copies the certificates to the right place
and instead of restarting stunnel, triggers a configuration reload.

Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I437d69fef45d1662e8908c5ca0f7063be6cb9b32
Change-Id: I49811a6cab5416d965ce1da93a71728ad5b1d27c
Grzegorz Grasza 2019-01-25 17:25:00 +01:00 committed by Juan Antonio Osorio Robles
parent 03c54b8067
commit f7fb767541
1 changed files with 3 additions and 1 deletions

@ -78,7 +78,8 @@ outputs:
tripleo::profile::base::database::redis::tls_proxy_port: 6379
- if:
- use_tls_proxy
- redis_certificate_specs:
- tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
redis_certificate_specs:
service_certificate: '/etc/pki/tls/certs/redis.crt'
service_key: '/etc/pki/tls/private/redis.key'
hostname:
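Review bot: The certificate path '/etc/pki/tls/certs/redis.crt' is now written out twice, once under tripleo::redis::service_certificate and once under redis_certificate_specs.service_certificate, and nothing ties the two literals together. If one is changed later, certmonger would write the certificate to one location while the consumer of tripleo::redis::service_certificate reads another, leaving the TLS proxy on a stale or missing certificate. Consider a short comment stating that the two values must match. Also worth confirming that no matching key is needed for service_key ('/etc/pki/tls/private/redis.key'), since only the certificate path is exposed as its own hiera key here.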
@ -91,6 +92,7 @@ outputs:
template: "redis/%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
- {}
step_config: |
include ::tripleo::profile::base::database::redis
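Review bot: The new postsave_cmd line hard-codes the absolute path "/usr/bin/certmonger-redis-refresh.sh" for a script that this change does not add, so the template alone does not show where the script comes from or that it is present whenever use_tls_proxy is true. A comment next to postsave_cmd naming the change or package that installs it would help. Since the commit message says the script copies the certificates and triggers a reload rather than a restart, it is also worth documenting that the script must exit non-zero when the copy or reload fails. Otherwise a renewed certificate can be saved while the proxy keeps serving the old one, with nothing to flag it.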