authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-22 18:14:22 +0000
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-24 12:30:08 +0000
commit347aa4a4f255372201affc3dc6c7e409ca7e76b8 (patch)
tree8cc0bcbcbb0009f30dc7a9a3948a877639ab505a
parent92c04bbb77468214d2f1cba7c11f1de50fa6ad63 (diff)
TLS-everywhere/libvirt: Make postsave command configurable
This is required for when libvirt is running in a container, since we shouldn't try to restart the libvirt process, but the container itself. bp tls-via-certmonger-containers Change-Id: I26a7748b37059ea37f460d8c70ef684cc41b16d3
-rw-r--r--manifests/certmonger/libvirt.pp10
-rw-r--r--manifests/profile/base/certmonger_user.pp9
2 files changed, 16 insertions, 3 deletions
diff --git a/manifests/certmonger/libvirt.pp b/manifests/certmonger/libvirt.pp
index b7dbb0a..8ce0037 100644
--- a/manifests/certmonger/libvirt.pp
+++ b/manifests/certmonger/libvirt.pp
@@ -35,6 +35,11 @@
# (Optional) The user which the certificate and key files belong to.
# Defaults to 'root'
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl reload ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
@@ -44,12 +49,13 @@ define tripleo::certmonger::libvirt (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::nova::params
- $postsave_cmd = "systemctl restart ${::nova::params::libvirt_service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::nova::params::libvirt_service_name}")
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
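Review bot: The fallback on the `$postsave_cmd_real` line silently changes the default post-save action from `systemctl restart` to `systemctl reload`, which the commit message does not mention. Whether libvirtd re-reads its TLS certificate and key on a reload cannot be confirmed from this hunk; if it does not, the daemon would keep presenting the old certificate after renewal until it expires. Either keep the previous default, `$postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::nova::params::libvirt_service_name}")`, or record the reasoning with a comment above the line such as `# reload is sufficient for libvirtd to pick up the renewed cert/key`. The `[*libvirt_postsave_cmd*]` doc in certmonger_user.pp still describes the default as a restart and should match whichever is chosen. The define's body continues outside the hunk.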
@@ -57,7 +63,7 @@ define tripleo::certmonger::libvirt (
hostname => $hostname,
dnsname => $hostname,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
tag => 'libvirt-cert',
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index c3dde96..cc29cd5 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -58,6 +58,11 @@
# it will create.
# Defaults to hiera('libvirt_certificates_specs', {}).
#
+# [*libvirt_postsave_cmd*]
+# (Optional) If set, it overrides the default way to restart libvirt when the
+# certificate is renewed.
+# Defaults to undef
+#
# [*mongodb_certificate_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -84,6 +89,7 @@ class tripleo::profile::base::certmonger_user (
$haproxy_certificates_specs = hiera('tripleo::profile::base::haproxy::certificates_specs', {}),
$haproxy_postsave_cmd = undef,
$libvirt_certificates_specs = hiera('libvirt_certificates_specs', {}),
+ $libvirt_postsave_cmd = undef,
$mongodb_certificate_specs = hiera('mongodb_certificate_specs',{}),
$mysql_certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
$rabbitmq_certificate_specs = hiera('tripleo::profile::base::rabbitmq::certificate_specs', {}),
@@ -111,7 +117,8 @@ class tripleo::profile::base::certmonger_user (
}
unless empty($libvirt_certificates_specs) {
include ::tripleo::certmonger::libvirt_dirs
- ensure_resources('tripleo::certmonger::libvirt', $libvirt_certificates_specs)
+ ensure_resources('tripleo::certmonger::libvirt', $libvirt_certificates_specs,
+ {'postsave_cmd' => $libvirt_postsave_cmd})
}
unless empty($haproxy_certificates_specs) {
include ::tripleo::certmonger::haproxy_dirs
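Review bot: The `[*libvirt_postsave_cmd*]` documentation does not say that this string is handed to certmonger unmodified and executed on the host after every certificate save (presumably with certmonger's own privileges; confirm), so the `ensure_resources` call turns whatever hiera supplies into a command. The parameter doc should state that, for example `# The value is executed verbatim by certmonger; set it only from trusted hiera data.` Because the third argument of `ensure_resources` is a defaults hash, a `postsave_cmd` key inside an entry of `$libvirt_certificates_specs` takes precedence over `$libvirt_postsave_cmd`, which is worth documenting too: `# A postsave_cmd set in an individual certificate spec wins over this value.` The class body starts and ends outside the hunk.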