From f7fb7675411262b47c9c69c580d18aa743ceb7e9 Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza
Date: Fri, 25 Jan 2019 17:25:00 +0100
Subject: [PATCH] TLS everywhere: Set post-save command for redis

The default command wasn't working, here we set one that will actually work. The script additionally copies the certificates in the right place and instead of restarting stunnel, triggers a configuration reload.

Related-Bug: #1811401
Co-Authored-By: Juan Antonio Osorio Robles
Depends-On: I437d69fef45d1662e8908c5ca0f7063be6cb9b32
Change-Id: I49811a6cab5416d965ce1da93a71728ad5b1d27c
---
 puppet/services/database/redis.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index 4f8abb01cd..9290d0c409 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -78,7 +78,8 @@ outputs:
 tripleo::profile::base::database::redis::tls_proxy_port: 6379
 - if:
 - use_tls_proxy
- - redis_certificate_specs:
+ - tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
+ redis_certificate_specs:
 service_certificate: '/etc/pki/tls/certs/redis.crt'
 service_key: '/etc/pki/tls/private/redis.key'
 hostname:
@@ -91,6 +92,7 @@ outputs:
 template: "redis/%{hiera('cloud_name_NETWORK')}"
 params:
 NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh"
 - {}
 step_config: |
 include ::tripleo::profile::base::database::redis
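Review bot: The certificate path `'/etc/pki/tls/certs/redis.crt'` is now written twice in the `use_tls_proxy` branch, once as `tripleo::redis::service_certificate` and once as `redis_certificate_specs.service_certificate`, and nothing ties the two values together. If one is edited later, certmonger would keep renewing one file while whatever reads the new hiera key (presumably the refresh script from the Depends-On change) looks at another, so the TLS proxy could keep serving a certificate that is about to expire. A comment above the new key, such as `# must stay identical to redis_certificate_specs.service_certificate below`, would make the coupling explicit. Only the certificate path is exported; whether the consumer also needs `/etc/pki/tls/private/redis.key` cannot be told from this hunk, and the enclosing mapping starts outside it.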
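Review bot: `postsave_cmd` names `/usr/bin/certmonger-redis-refresh.sh`, a script this template neither installs nor checks for; it appears to arrive with the Depends-On change. certmonger runs a post-save command with the privileges of the user who requested the certificate, most likely root in this deployment. The commit message says the script copies certificate material, so the file should be root-owned and not group- or world-writable, and any copied key should keep its restrictive mode. Neither can be verified from this hunk. A comment beside the key, for example `# shipped separately (see Depends-On); certmonger runs it after each save to reload stunnel`, would tell a reader where the script comes from. If the script is missing on a node, the renewed certificate would presumably be saved but never picked up by stunnel, so a deploy-time existence check is worth considering.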