diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-15 10:30:21 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-15 10:43:27 +0300 |
commit | 192fd80e942be67ccbb1ddea6666ba341ae33bf8 (patch) | |
tree | e6cfe26a32b0275a38559fd86b101983d77baf8b | |
parent | 48f965b5edd35f0dae32acf88afa78eef26f6438 (diff) |
Fix dependencies for HAProxy when certmonger is used
Installing the undercloud with generate_service_certificate=True
fails if HAProxy is not pre-installed. This is due to missing
dependency setting on our puppet manifests. We need to specify that
the PEM file needs to be written only if the haproxy user and group
exist (which comes from the package) and that the haproxy frontend
configuration needs to be notified if there are changes in the
certificates.
Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b
Closes-Bug: #1623805
-rw-r--r-- | manifests/certmonger/haproxy.pp | 10 | ||||
-rw-r--r-- | manifests/profile/base/haproxy.pp | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 0168227..504acf3 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy ( $postsave_cmd, $principal = undef, ){ + include ::haproxy::params certmonger_certificate { "${title}-cert": hostname => $hostname, dnsname => $hostname, @@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy ( principal => $principal, } concat { $service_pem : - ensure => present, - mode => '0640', - owner => 'haproxy', - group => 'haproxy', + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 68ff3e4..e018f36 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy ( require => Class['::certmonger'], } create_resources('::tripleo::certmonger::haproxy', $certificates_specs) + # The haproxy fronends (or listen resources) depend on the certificate + # existing and need to be refreshed if it changed. + Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } include ::tripleo::haproxy |