summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-08-01 11:45:33 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-08-01 11:45:33 +0300
commit70494971e6a647fe6fc16b6660291133aa939bbb (patch)
tree529a7c75f9c019d3b01bb72af6ca1ea45435df71
parent0bc4c11c671f669feb1be1f5b58994e534f5dd35 (diff)
Run local CA trust before haproxy deployment
Before haproxy tries to use the TLS certificates it should already trust the CA. So it's necessary for the local CA-related manifest to notify the ::tripleo::haproxy class. This works for newly set deployments. deployments that have already ran the ca-trust section will already trust the CA and thus won't need that part. Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
-rw-r--r--manifests/profile/base/haproxy.pp4
1 files changed, 3 insertions, 1 deletions
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 8e73ce3..7951941 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -68,7 +68,9 @@ class tripleo::profile::base::haproxy (
# This is only needed for certmonger's local CA. For any other CA this
# operation (trusting the CA) should be done by the deployer.
if $certmonger_ca == 'local' {
- include ::tripleo::certmonger::ca::local
+ class { '::tripleo::certmonger::ca::local':
+ notify => Class['::tripleo::haproxy']
+ }
}
Certmonger_certificate {