diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-16 09:26:42 +0300 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2017-08-18 18:59:35 +0000 |
commit | 095d130f9dbadb698c2c349819e754a907455ee0 (patch) | |
tree | 28cb5d6603b188c3b3f918dc5be847c7ab997d4c /manifests/certmonger/mongodb.pp | |
parent | f7d34f038d7d5ff1d4fd05955e2f444ffd44b023 (diff) |
Certmonger: Make postsave command configurable
We need to make it configurable since these commands don't apply for
containerized environments. This way we can restart containers or
disable restarting and rely on other means.
This stems from the issue that some services get accidentally started by
certmonger on containerized environments, which makes the container
initialization fail.
bp tls-via-certmonger-containers
Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
Diffstat (limited to 'manifests/certmonger/mongodb.pp')
-rw-r--r-- | manifests/certmonger/mongodb.pp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/manifests/certmonger/mongodb.pp b/manifests/certmonger/mongodb.pp index 0b2dd6a..37af82c 100644 --- a/manifests/certmonger/mongodb.pp +++ b/manifests/certmonger/mongodb.pp @@ -34,6 +34,11 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # +# [*postsave_cmd*] +# (Optional) Specifies the command to execute after requesting a certificate. +# If nothing is given, it will default to: "systemctl restart ${service name}" +# Defaults to undef. +# # [*principal*] # (Optional) The service principal that is set for the service in kerberos. # Defaults to undef @@ -44,12 +49,13 @@ class tripleo::certmonger::mongodb ( $service_key, $service_pem, $certmonger_ca = hiera('certmonger_ca', 'local'), + $postsave_cmd = undef, $principal = undef, ) { include ::certmonger include ::mongodb::params - $postsave_cmd = "systemctl restart ${::mongodb::params::service_name}" + $postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::mongodb::params::service_name}") certmonger_certificate { 'mongodb' : ensure => 'present', certfile => $service_certificate, @@ -57,7 +63,7 @@ class tripleo::certmonger::mongodb ( hostname => $hostname, dnsname => $hostname, principal => $principal, - postsave_cmd => $postsave_cmd, + postsave_cmd => $postsave_cmd_real, ca => $certmonger_ca, wait => true, require => Class['::certmonger'], |