Merge "Include local CA in haproxy PEM"

2016-11-29 14:51:10 +00:00 · 2016-11-29 14:51:10 +00:00 · 323e556e84
commit 323e556e84
parent 66efa98ba2 ffd7040a6d
1 changed files with 18 additions and 2 deletions
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@ -36,6 +36,10 @@
 #   The post-save-command that certmonger will use once it renews the
 #   certificate.
 #
+# [*certmonger_ca*]
+#   (Optional) The CA that certmonger will use to generate the certificates.
+#   Defaults to hiera('certmonger_ca', 'local').
+#
 # [*principal*]
 #   The haproxy service principal that is set for HAProxy in kerberos.
 #
@ -45,7 +49,8 @@ define tripleo::certmonger::haproxy (
  $service_key,
  $hostname,
  $postsave_cmd,
-  $principal = undef,
+  $certmonger_ca = hiera('certmonger_ca', 'local'),
+  $principal     = undef,
 ){
    include ::haproxy::params
    certmonger_certificate { "${title}-cert":
@ -69,10 +74,21 @@ define tripleo::certmonger::haproxy (
      order   => '01',
      require => Certmonger_certificate["${title}-cert"],
    }
+
+    if $certmonger_ca == 'local' {
+      $ca_pem = getparam(Class['tripleo::certmonger::ca::local'], 'ca_pem')
+      concat::fragment { "${title}-ca-fragment":
+        target  => $service_pem,
+        source  => $ca_pem,
+        order   => '10',
+        require => Class['tripleo::certmonger::ca::local'],
+      }
+    }
+
    concat::fragment { "${title}-key-fragment":
      target  => $service_pem,
      source  => $service_key,
-      order   => 10,
+      order   => 20,
      require => Certmonger_certificate["${title}-cert"],
    }
 }