From 0037a3c2810e6115ea095e397e2e5d87f354ecb7 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 22 Sep 2023 07:29:05 -0500
Subject: [PATCH] r/minio: Reload server after changing cert

MinIO is supposed to automatically reload itself when the certificate
changes, but this does not appear to happen in all cases.  To ensure the
updated certificate gets used, we need to send SIGHUP to the MinIO
server process.
---
 roles/minio/handlers/main.yml            | 5 +++++
 roles/minio/tasks/deploy.yml             | 4 ++++
 roles/minio/templates/minio.container.j2 | 1 +
 3 files changed, 10 insertions(+)

diff --git a/roles/minio/handlers/main.yml b/roles/minio/handlers/main.yml
index 7bf2bbd..be68782 100644
--- a/roles/minio/handlers/main.yml
+++ b/roles/minio/handlers/main.yml
@@ -6,3 +6,8 @@
   systemd:
     name: minio
     state: restarted
+
+- name: reload minio
+  systemd:
+    name: minio
+    state: reloaded
diff --git a/roles/minio/tasks/deploy.yml b/roles/minio/tasks/deploy.yml
index e44f0ea..6a88152 100644
--- a/roles/minio/tasks/deploy.yml
+++ b/roles/minio/tasks/deploy.yml
@@ -56,6 +56,8 @@
     mode: u=rw,g=r,o=
     setype: container_file_t
   with_fileglob: certs/minio/{{ inventory_hostname }}.cer
+  notify:
+  - reload minio
   tags:
   - cert
 - name: ensure minio server private key is present
@@ -68,6 +70,8 @@
     setype: container_file_t
   diff: false
   with_fileglob: certs/minio/{{ inventory_hostname }}.key
+  notify:
+  - reload minio
   tags:
   - cert
 
diff --git a/roles/minio/templates/minio.container.j2 b/roles/minio/templates/minio.container.j2
index ff05f33..dcc7295 100644
--- a/roles/minio/templates/minio.container.j2
+++ b/roles/minio/templates/minio.container.j2
@@ -15,6 +15,7 @@ Network=host
 NoNewPrivileges=yes
 
 [Service]
+ExecReload=/bin/kill -HUP $MAINPID
 MemoryDenyWriteExecute=yes
 PrivateTmp=yes
 ProtectClock=yes