r/minio: Reload server after changing cert

MinIO is supposed to automatically reload itself when the certificate changes, but this does not appear to happen in all cases. To ensure the updated certificate gets used, we need to send SIGHUP to the MinIO server process.
2023-09-22 07:29:05 -05:00 · 2023-09-22 07:29:05 -05:00 · 0037a3c281
parent 1b63332872
commit 0037a3c281
3 changed files with 10 additions and 0 deletions
--- a/roles/minio/handlers/main.yml
+++ b/roles/minio/handlers/main.yml
@ -6,3 +6,8 @@
  systemd:
    name: minio
    state: restarted
+
+- name: reload minio
+  systemd:
+    name: minio
+    state: reloaded
--- a/roles/minio/tasks/deploy.yml
+++ b/roles/minio/tasks/deploy.yml
@ -56,6 +56,8 @@
    mode: u=rw,g=r,o=
    setype: container_file_t
  with_fileglob: certs/minio/{{ inventory_hostname }}.cer
+  notify:
+  - reload minio
  tags:
  - cert
 - name: ensure minio server private key is present
@ -68,6 +70,8 @@
    setype: container_file_t
  diff: false
  with_fileglob: certs/minio/{{ inventory_hostname }}.key
+  notify:
+  - reload minio
  tags:
  - cert

--- a/roles/minio/templates/minio.container.j2
+++ b/roles/minio/templates/minio.container.j2
@ -15,6 +15,7 @@ Network=host
 NoNewPrivileges=yes

 [Service]
+ExecReload=/bin/kill -HUP $MAINPID
 MemoryDenyWriteExecute=yes
 PrivateTmp=yes
 ProtectClock=yes