authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-16 09:26:42 +0300
committerEmilien Macchi <emilien@redhat.com>2017-08-18 18:59:35 +0000
commit095d130f9dbadb698c2c349819e754a907455ee0 (patch)
tree28cb5d6603b188c3b3f918dc5be847c7ab997d4c /manifests/profile/base
parentf7d34f038d7d5ff1d4fd05955e2f444ffd44b023 (diff)
Certmonger: Make postsave command configurable
We need to make it configurable since these commands don't apply for containerized environments. This way we can restart containers or disable restarting and rely on other means. This stems from the issue that some services get accidentally started by certmonger on containerized environments, which makes the container initialization fail. bp tls-via-certmonger-containers Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/certmonger_user.pp18
1 files changed, 16 insertions, 2 deletions
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 2ac4b6e..c3dde96 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -38,11 +38,21 @@
# it will create.
# Defaults to hiera('apache_certificate_specs', {}).
#
+# [*apache_postsave_cmd*]
+# (Optional) If set, it overrides the default way to restart apache when the
+# certificate is renewed.
+# Defaults to undef
+#
# [*haproxy_certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Defaults to hiera('tripleo::profile::base::haproxy::certificate_specs', {}).
#
+# [*haproxy_postsave_cmd*]
+# (Optional) If set, it overrides the default way to restart haproxy when the
+# certificate is renewed.
+# Defaults to undef
+#
# [*libvirt_certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
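Review bot: The two new parameter descriptions (`apache_postsave_cmd` and `haproxy_postsave_cmd`) do not say what form the value takes or what is done with it. That matters because the string appears to end up as the command certmonger runs after saving a renewed certificate. I would add a line to both entries such as `# The value is passed to certmonger as its post-save command and runs on the node at each renewal, so set it only from operator-controlled data.` It would also help to name the restart behaviour that applies when the value is undef; that default lives in the tripleo::certmonger defines and is not visible in this hunk.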
@@ -70,7 +80,9 @@
#
class tripleo::profile::base::certmonger_user (
$apache_certificates_specs = hiera('apache_certificates_specs', {}),
+ $apache_postsave_cmd = undef,
$haproxy_certificates_specs = hiera('tripleo::profile::base::haproxy::certificates_specs', {}),
+ $haproxy_postsave_cmd = undef,
$libvirt_certificates_specs = hiera('libvirt_certificates_specs', {}),
$mongodb_certificate_specs = hiera('mongodb_certificate_specs',{}),
$mysql_certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
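Review bot: `$apache_postsave_cmd` and `$haproxy_postsave_cmd` are declared without a type or any validation, so a hash, array or empty string supplied by hiera or a caller would be handed to the certmonger resources unchanged. If the supported Puppet versions allow data types, `Optional[String] $apache_postsave_cmd = undef,` (and the same for haproxy) would reject malformed values at compile time. Only apache and haproxy gain an override here; libvirt, mongodb and mysql on the visible lines keep whatever post-save command their defines set, so the containerized start-up problem described in the commit message may still apply to them. The parameter list continues outside the hunk.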
@@ -94,7 +106,8 @@ class tripleo::profile::base::certmonger_user (
unless empty($apache_certificates_specs) {
include ::tripleo::certmonger::apache_dirs
- ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs)
+ ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs,
+ {'postsave_cmd' => $apache_postsave_cmd})
}
unless empty($libvirt_certificates_specs) {
include ::tripleo::certmonger::libvirt_dirs
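Review bot: The hash passed as the third argument of `ensure_resources` is a set of defaults, so a `postsave_cmd` key inside an entry of `$apache_certificates_specs` takes precedence over `$apache_postsave_cmd`, and the class parameter is not the only place the command can come from. The haproxy call in the next hunk has the same shape. A comment above each call would make this explicit, for example `# postsave_cmd is only a default; a per-certificate postsave_cmd in the specs hash wins.` The call also relies on tripleo::certmonger::httpd accepting `postsave_cmd` and treating undef as its built-in restart command; that define is not part of this diff.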
@@ -102,7 +115,8 @@ class tripleo::profile::base::certmonger_user (
}
unless empty($haproxy_certificates_specs) {
include ::tripleo::certmonger::haproxy_dirs
- ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs)
+ ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs,
+ {'postsave_cmd' => $haproxy_postsave_cmd})
# The haproxy fronends (or listen resources) depend on the certificate
# existing and need to be refreshed if it changed.
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>