aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-04 11:15:45 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-11 04:06:14 +0000
commit040411c2a4f8b1fbd1e4a5598e5ea0e6a4306e06 (patch)
tree4b41b815cbfb42de63f0aeda1f69c3986357e710
parentf41922902eb2649ba6eee0c43fb32d623f76c7ec (diff)
Modify resource dependencies of certmonger_user resources
In a containerized environment the haproxy class might not be defined, so this was made optional. On the other hand, this also retrieves the CRL before any certmonger_certificate resources are created. bp tls-via-certmonger-containers Change-Id: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
-rw-r--r--manifests/certmonger/haproxy.pp13
-rw-r--r--manifests/profile/base/certmonger_user.pp5
2 files changed, 11 insertions, 7 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 3def337..d4f4ad2 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -88,13 +88,14 @@ define tripleo::certmonger::haproxy (
require => Class['::certmonger'],
}
concat { $service_pem :
- ensure => present,
- mode => '0640',
- owner => 'haproxy',
- group => 'haproxy',
- tag => 'haproxy-cert',
- require => Package[$::haproxy::params::package_name],
+ ensure => present,
+ mode => '0640',
+ owner => 'haproxy',
+ group => 'haproxy',
+ tag => 'haproxy-cert',
}
+ Package<| name == $::haproxy::params::package_name |> -> Concat[$service_pem]
+
concat::fragment { "${title}-cert-fragment":
target => $service_pem,
source => $service_certificate,
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 231a1d0..2ac4b6e 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -80,13 +80,16 @@ class tripleo::profile::base::certmonger_user (
unless empty($haproxy_certificates_specs) {
$reload_haproxy = ['systemctl reload haproxy']
Class['::tripleo::certmonger::ca::crl'] ~> Haproxy::Balancermember<||>
- Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ if defined(Class['::haproxy']) {
+ Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ }
} else {
$reload_haproxy = []
}
class { '::tripleo::certmonger::ca::crl' :
reload_cmds => $reload_haproxy,
}
+ Certmonger_certificate<||> -> Class['::tripleo::certmonger::ca::crl']
include ::tripleo::certmonger::ca::libvirt
unless empty($apache_certificates_specs) {