TLS everywhere: Set post-save command for redis
The default command wasn't working, here we set one that will actually work. The script additionally copies the certificates in the right place and instead of restarting stunnel, triggers a configuration reload. Related-Bug: #1811401 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I437d69fef45d1662e8908c5ca0f7063be6cb9b32 Change-Id: I49811a6cab5416d965ce1da93a71728ad5b1d27c
This commit is contained in:
parent
03c54b8067
commit
f7fb767541
@ -78,7 +78,8 @@ outputs:
|
|||||||
tripleo::profile::base::database::redis::tls_proxy_port: 6379
|
tripleo::profile::base::database::redis::tls_proxy_port: 6379
|
||||||
- if:
|
- if:
|
||||||
- use_tls_proxy
|
- use_tls_proxy
|
||||||
- redis_certificate_specs:
|
- tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
|
||||||
|
redis_certificate_specs:
|
||||||
service_certificate: '/etc/pki/tls/certs/redis.crt'
|
service_certificate: '/etc/pki/tls/certs/redis.crt'
|
||||||
service_key: '/etc/pki/tls/private/redis.key'
|
service_key: '/etc/pki/tls/private/redis.key'
|
||||||
hostname:
|
hostname:
|
||||||
@ -91,6 +92,7 @@ outputs:
|
|||||||
template: "redis/%{hiera('cloud_name_NETWORK')}"
|
template: "redis/%{hiera('cloud_name_NETWORK')}"
|
||||||
params:
|
params:
|
||||||
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
||||||
|
postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
|
||||||
- {}
|
- {}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::database::redis
|
include ::tripleo::profile::base::database::redis
|
||||||
|
Loading…
Reference in New Issue
Block a user