Fix dependencies for HAProxy when certmonger is used
Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805
This commit is contained in:
parent
48f965b5ed
commit
192fd80e94
|
@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy (
|
|||
$postsave_cmd,
|
||||
$principal = undef,
|
||||
){
|
||||
include ::haproxy::params
|
||||
certmonger_certificate { "${title}-cert":
|
||||
hostname => $hostname,
|
||||
dnsname => $hostname,
|
||||
|
@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy (
|
|||
principal => $principal,
|
||||
}
|
||||
concat { $service_pem :
|
||||
ensure => present,
|
||||
mode => '0640',
|
||||
owner => 'haproxy',
|
||||
group => 'haproxy',
|
||||
ensure => present,
|
||||
mode => '0640',
|
||||
owner => 'haproxy',
|
||||
group => 'haproxy',
|
||||
require => Package[$::haproxy::params::package_name],
|
||||
}
|
||||
concat::fragment { "${title}-cert-fragment":
|
||||
target => $service_pem,
|
||||
|
|
|
@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy (
|
|||
require => Class['::certmonger'],
|
||||
}
|
||||
create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
|
||||
# The haproxy fronends (or listen resources) depend on the certificate
|
||||
# existing and need to be refreshed if it changed.
|
||||
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
|
||||
}
|
||||
|
||||
include ::tripleo::haproxy
|
||||
|
|
Loading…
Reference in New Issue