aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-15 10:30:21 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-15 10:43:27 +0300
commit192fd80e942be67ccbb1ddea6666ba341ae33bf8 (patch)
treee6cfe26a32b0275a38559fd86b101983d77baf8b
parent48f965b5edd35f0dae32acf88afa78eef26f6438 (diff)
Fix dependencies for HAProxy when certmonger is used
Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805
-rw-r--r--manifests/certmonger/haproxy.pp10
-rw-r--r--manifests/profile/base/haproxy.pp3
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 0168227..504acf3 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy (
$postsave_cmd,
$principal = undef,
){
+ include ::haproxy::params
certmonger_certificate { "${title}-cert":
hostname => $hostname,
dnsname => $hostname,
@@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy (
principal => $principal,
}
concat { $service_pem :
- ensure => present,
- mode => '0640',
- owner => 'haproxy',
- group => 'haproxy',
+ ensure => present,
+ mode => '0640',
+ owner => 'haproxy',
+ group => 'haproxy',
+ require => Package[$::haproxy::params::package_name],
}
concat::fragment { "${title}-cert-fragment":
target => $service_pem,
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 68ff3e4..e018f36 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy (
require => Class['::certmonger'],
}
create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
+ # The haproxy fronends (or listen resources) depend on the certificate
+ # existing and need to be refreshed if it changed.
+ Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
}
include ::tripleo::haproxy