openstack
/
puppet-tripleo
Code Issues Proposed changes

Merge "HAProxy: Make certmonger bundle the cert and key on renewal"

This commit is contained in:
Jenkins 2017-08-26 18:41:18 +00:00 committed by Gerrit Code Review
parent 4d89a8e095 e1791a37d5
commit 0384443835
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
manifests/certmonger/haproxy.pp
View File

@ -74,7 +74,20 @@ define tripleo::certmonger::haproxy (
$dnsnames_real = $hostname
}
$postsave_cmd_real = pick($postsave_cmd, 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi')
if $certmonger_ca == 'local' {
$ca_fragment = $ca_pem
} else {
$ca_fragment = ''
}
$concat_pem = "cat ${service_certificate} ${ca_fragment} ${service_key} > ${service_pem}"
if $postsave_cmd {
$postsave_cmd_real = "${concat_pem} && ${postsave_cmd}"
} else {
$reload_haproxy_cmd = 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi'
$postsave_cmd_real = "${concat_pem} && ${reload_haproxy_cmd}"
}
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,