From 5cb55b227e35d2d633d95a61f811e3747124725d Mon Sep 17 00:00:00 2001
From: Jean-Tiare Le Bigot <jean-tiare.lebigot@resilience.care>
Date: Mon, 19 Feb 2024 16:16:10 +0100
Subject: [PATCH] SRE-880 Restart etcd on certificate change

Etcd does not automatically pickup changes to CA certificates. This
commits adds an automatic restart step on certificate change.

See https://github.com/etcd-io/etcd/issues/11555 for context.

Signed-off-by: Jean-Tiare Le Bigot <jean-tiare.lebigot@resilience.care>
---
 handlers/main.yml | 6 ++++++
 tasks/main.yml    | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/handlers/main.yml b/handlers/main.yml
index bb7fde2..464e306 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: restart etcd
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+    name: etcd
+    state: restarted
+
 - name: reload systemd
   systemd:
     daemon_reload: yes
diff --git a/tasks/main.yml b/tasks/main.yml
index 4554360..6ef4799 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -40,6 +40,8 @@
     group: root
   with_items:
     - "{{ etcd_certificates }}"
+  notify:
+    - restart etcd
   no_log: true
   tags:
     - etcd