aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-03-15 13:54:46 +0000
committerGerrit Code Review <review@openstack.org>2017-03-15 13:54:46 +0000
commit0136098cc2f55e454e6d073d9750537d95c57018 (patch)
tree6fbafa0d66e7198f20f6bff46950583ad3f2ddb1
parent43fa49ebf85db6db3b9fa8b9c5a8bf31fa7397e8 (diff)
parentbee651abcb5f604fc0c4e11e45da65412c9af023 (diff)
Merge "HAProxy: Refactor certificate retrieval bits"
-rw-r--r--manifests/certmonger/haproxy.pp13
-rw-r--r--manifests/profile/base/haproxy.pp22
2 files changed, 14 insertions, 21 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 3b8fd09..6668440 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -52,14 +52,27 @@ define tripleo::certmonger::haproxy (
$certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef,
){
+ include ::certmonger
include ::haproxy::params
+ # This is only needed for certmonger's local CA. For any other CA this
+ # operation (trusting the CA) should be done by the deployer.
+ if $certmonger_ca == 'local' {
+ class { '::tripleo::certmonger::ca::local':
+ notify => Class['::tripleo::haproxy']
+ }
+ }
+
certmonger_certificate { "${title}-cert":
+ ensure => 'present',
+ ca => $certmonger_ca,
hostname => $hostname,
dnsname => $hostname,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
principal => $principal,
+ wait => true,
+ require => Class['::certmonger'],
}
concat { $service_pem :
ensure => present,
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index f16ec1b..8568b28 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -32,10 +32,6 @@
# principal: "haproxy/<undercloud fqdn>"
# Defaults to {}.
#
-# [*certmonger_ca*]
-# (Optional) The CA that certmonger will use to generate the certificates.
-# Defaults to hiera('certmonger_ca', 'local').
-#
# [*enable_load_balancer*]
# (Optional) Whether or not loadbalancer is enabled.
# Defaults to hiera('enable_load_balancer', true).
@@ -55,7 +51,6 @@
#
class tripleo::profile::base::haproxy (
$certificates_specs = {},
- $certmonger_ca = hiera('certmonger_ca', 'local'),
$enable_load_balancer = hiera('enable_load_balancer', true),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
@@ -63,22 +58,7 @@ class tripleo::profile::base::haproxy (
if $step >= 1 {
if $enable_load_balancer {
if str2bool($generate_service_certificates) {
- include ::certmonger
- # This is only needed for certmonger's local CA. For any other CA this
- # operation (trusting the CA) should be done by the deployer.
- if $certmonger_ca == 'local' {
- class { '::tripleo::certmonger::ca::local':
- notify => Class['::tripleo::haproxy']
- }
- }
-
- Certmonger_certificate {
- ca => $certmonger_ca,
- ensure => 'present',
- wait => true,
- require => Class['::certmonger'],
- }
- create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
+ ensure_resources('tripleo::certmonger::haproxy', $certificates_specs)
# The haproxy fronends (or listen resources) depend on the certificate
# existing and need to be refreshed if it changed.
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>