aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-08-31 01:51:59 +0000
committerGerrit Code Review <review@openstack.org>2017-08-31 01:51:59 +0000
commita49cd8519ea43248b04f8c529c38e5f1a03c6cc1 (patch)
tree6d21def9f30cf0e8f6fb761c983c787f3541c7eb
parent2052f8e97d18ca6e9af2b93c8a6d6a47fca7a429 (diff)
parenteae8fb5186369e53da3d9003cb0161c518f1188a (diff)
Merge "HAProxy: Make certmonger bundle the cert and key on renewal" into stable/pike
-rw-r--r--manifests/certmonger/haproxy.pp15
1 files changed, 14 insertions, 1 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 266054f..97efe59 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -74,7 +74,20 @@ define tripleo::certmonger::haproxy (
$dnsnames_real = $hostname
}
- $postsave_cmd_real = pick($postsave_cmd, 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi')
+ if $certmonger_ca == 'local' {
+ $ca_fragment = $ca_pem
+ } else {
+ $ca_fragment = ''
+ }
+
+ $concat_pem = "cat ${service_certificate} ${ca_fragment} ${service_key} > ${service_pem}"
+ if $postsave_cmd {
+ $postsave_cmd_real = "${concat_pem} && ${postsave_cmd}"
+ } else {
+ $reload_haproxy_cmd = 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi'
+ $postsave_cmd_real = "${concat_pem} && ${reload_haproxy_cmd}"
+ }
+
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,