Run devstack CA and cert setup early

Previously apache was configured and restarted before we configured the CA and certs. In most cases this is fine because those specific vhosts didn't use tls. However, if you had previously run devstack and had leftover vhosts and an unconfigured CA or certs devstack would fail. This is a small corner case, but its simple to address by moving CA and cert setup up in stack.sh to before we do anything related to web servers. Change-Id: I31dbaf9471088b9faff26c7b790da6f6feebb2d5
2017-05-31 20:27:59 -07:00 · 2017-05-31 20:27:59 -07:00 · cc072fd32f
parent a6e4e42fb3
commit cc072fd32f
1 changed files with 12 additions and 7 deletions
--- a/stack.sh
+++ b/stack.sh
@ -833,6 +833,18 @@ if is_service_enabled etcd3; then
    install_etcd3
 fi

+# Setup TLS certs
+# ---------------
+
+# Do this early, before any webservers are set up to ensure
+# we don't run into problems with missing certs when apache
+# is restarted.
+if is_service_enabled tls-proxy; then
+    configure_CA
+    init_CA
+    init_cert
+fi
+
 # Check Out and Install Source
 # ----------------------------

@ -857,13 +869,6 @@ if is_service_enabled neutron nova horizon; then
    install_neutronclient
 fi

-# Setup TLS certs
-if is_service_enabled tls-proxy; then
-    configure_CA
-    init_CA
-    init_cert
-fi
-
 # Install middleware
 install_keystonemiddleware