IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

deleting / importing a keystore on primary doesn't change the status of reverse proxies to require a restart #183

Open owla101 opened 4 years ago

owla101 commented 4 years ago

Hi, I'm using simple roles to delete a keystore and import a new version of it. Each role calls the commit changes notifier.

I've set up a small demo env which has 2 appliances: a primary and a cluster member. Both the primary and the cluster member have the reverse proxy deployed and configured to use a self-signed cert in the keystore that is being changed.

I'm finding that only the reverse proxy on the primary has its status changed to 'changes are active' = false. The same reverse proxy on the cluster member still shows 'changes are active' = true.

Is there a further step required in order for the cluster member reverse proxy to have its status changed? My next step is to call a role to restart the reverse proxies to take in the cert change, but this is only happening on the primary.

ram-ibm commented 4 years ago

I suggest having a playbook to restart the reverse proxies - I don't think the cluster sync flags a reverse proxy as needing restart. Alternately you can detect if a change is being made in your import playbook and then manually trigger restarts. You can force handlers (see rp_restart.yml playbook - in sample playbooks repository).