Fix dependencies for HAProxy when certmonger is used

Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805
2016-09-15 10:30:21 +03:00 · 2016-09-15 10:30:21 +03:00 · 192fd80e94
parent 48f965b5ed
commit 192fd80e94
2 changed files with 9 additions and 4 deletions
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy (
  $postsave_cmd,
  $principal = undef,
 ){
+    include ::haproxy::params
    certmonger_certificate { "${title}-cert":
      hostname     => $hostname,
      dnsname      => $hostname,
@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy (
      principal    => $principal,
    }
    concat { $service_pem :
-      ensure => present,
-      mode   => '0640',
-      owner  => 'haproxy',
-      group  => 'haproxy',
+      ensure  => present,
+      mode    => '0640',
+      owner   => 'haproxy',
+      group   => 'haproxy',
+      require => Package[$::haproxy::params::package_name],
    }
    concat::fragment { "${title}-cert-fragment":
      target  => $service_pem,
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy (
          require     => Class['::certmonger'],
        }
        create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
+        # The haproxy fronends (or listen resources) depend on the certificate
+        # existing and need to be refreshed if it changed.
+        Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
      }

      include ::tripleo::haproxy