From 095d130f9dbadb698c2c349819e754a907455ee0 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Wed, 16 Aug 2017 09:26:42 +0300
Subject: Certmonger: Make postsave command configurable
We need to make it configurable since these commands don't apply for containerized environments. This way we can restart containers or disable restarting and rely on other means. This stems from the issue that some services get accidentally started by certmonger on containerized environments, which makes the container initialization fail.
bp tls-via-certmonger-containers
Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
---
manifests/certmonger/httpd.pp | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'manifests/certmonger/httpd.pp')
diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp
index e9754f7..1b57984 100644
--- a/manifests/certmonger/httpd.pp
+++ b/manifests/certmonger/httpd.pp
@@ -36,6 +36,11 @@
 # in the certificate. If left unset, the value will be set to the $hostname.
 # Defaults to undef
 #
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
 # [*principal*]
 # The haproxy service principal that is set for HAProxy in kerberos.
 #
@@ -45,6 +50,7 @@ define tripleo::certmonger::httpd (
 $service_key,
 $certmonger_ca = hiera('certmonger_ca', 'local'),
 $dnsnames = undef,
+ $postsave_cmd = undef,
 $principal = undef,
 ) {
 include ::certmonger
@@ -56,7 +62,7 @@ define tripleo::certmonger::httpd (
 $dnsnames_real = $hostname
 }
- $postsave_cmd = "systemctl reload ${::apache::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::apache::params::service_name}")
 certmonger_certificate { $name :
 ensure => 'present',
 certfile => $service_certificate,
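Review bot: The new `postsave_cmd` doc block in the first hunk states the fallback as `systemctl restart ${service name}`, while the default built in the third hunk is `systemctl reload ${::apache::params::service_name}`. The comment should match the code, for example `# If nothing is given, it will default to: "systemctl reload ${apache service name}"`. The block should also say that the string is handed to certmonger and executed on the host with the daemon's privileges, as far as I know on every save of the certificate including renewals rather than only "after requesting". An operator then knows the value must come only from trusted hiera data.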
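Review bot: `pick()` from puppetlabs-stdlib skips empty strings as well as undef, so in the `$postsave_cmd_real` assignment a caller who passes `postsave_cmd => ''` to switch the hook off still gets `systemctl reload ...`. That is the host-side service action the commit message says containerized deployments need to avoid. Say so next to the assignment, e.g. `# pick() treats '' as unset; pass a no-op such as '/bin/true' to disable the hook`. The parameter added in the second hunk is also untyped although it ends up as a command certmonger executes, so a guard like `if $postsave_cmd { validate_string($postsave_cmd) }` before the `pick()` would reject arrays or hashes arriving from hiera. The define's body starts and ends outside these hunks, so any existing validation is not visible here.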
@@ -64,7 +70,7 @@ define tripleo::certmonger::httpd (
 hostname => $hostname,
 dnsname => $dnsnames_real,
 principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
 ca => $certmonger_ca,
 wait => true,
 tag => 'apache-cert',
-- cgit 1.2.3-korg