Run local CA trust before haproxy deployment

Before haproxy tries to use the TLS certificates it should already trust the CA. So it's necessary for the local CA-related manifest to notify the ::tripleo::haproxy class. This works for newly set deployments. deployments that have already ran the ca-trust section will already trust the CA and thus won't need that part. Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-08-01 11:45:33 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-08-01 11:45:33 +0300
commit: 70494971e6a647fe6fc16b6660291133aa939bbb (patch)
tree: 529a7c75f9c019d3b01bb72af6ca1ea45435df71
parent: 0bc4c11c671f669feb1be1f5b58994e534f5dd35 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 8e73ce3..7951941 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -68,7 +68,9 @@ class tripleo::profile::base::haproxy (
         # This is only needed for certmonger's local CA. For any other CA this
         # operation (trusting the CA) should be done by the deployer.
         if $certmonger_ca == 'local' {
-          include ::tripleo::certmonger::ca::local
+          class { '::tripleo::certmonger::ca::local':
+            notify => Class['::tripleo::haproxy']
+          }
         }
 
         Certmonger_certificate {
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-08-01 11:45:33 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-08-01 11:45:33 +0300
commit	70494971e6a647fe6fc16b6660291133aa939bbb (patch)
tree	529a7c75f9c019d3b01bb72af6ca1ea45435df71
parent	0bc4c11c671f669feb1be1f5b58994e534f5dd35 (diff)