Restart gitlab-workhorse when trusted certificates change
If workhorse is not restarted after certificates change in trusted certificates store, it will fail to pick up the new certificates.
How to reproduce
- Deploy redis externally using a custom signed certificate.
- Configure GitLab to use this redis instance. DO NOT add the custom CA to the trusted certificates yet.
- Check the logs of `gitlab-workhorse. You will see something like
{"level":"info","msg":"keywatcher: starting process loop","time":"2021-12-03T09:35:33Z"} {"address":"<REDIS_URL>","level":"info","msg":"redis: dialing","scheme":"rediss","time":"2021-12-03T09:01:53Z"} {"error":"keywatcher: x509: certificate signed by unknown authority","level":"error","msg":"","time":"2021-12-03T09:01:53Z"}
- Add the custom CA to trusted certificates and run reconfigure
- Workhorse hasn't picked up the changes yet and the errors continue to pop up.
- Restart workhorse, and see the error message go away
{"level":"info","msg":"keywatcher: starting process loop","time":"2021-12-03T09:37:57Z"} {"address":"<REDIS_URL>","level":"info","msg":"redis: dialing","scheme":"rediss","time":"2021-12-03T09:37:57Z"}