diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-08-31 01:51:59 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-31 01:51:59 +0000 |
commit | a49cd8519ea43248b04f8c529c38e5f1a03c6cc1 (patch) | |
tree | 6d21def9f30cf0e8f6fb761c983c787f3541c7eb | |
parent | 2052f8e97d18ca6e9af2b93c8a6d6a47fca7a429 (diff) | |
parent | eae8fb5186369e53da3d9003cb0161c518f1188a (diff) |
Merge "HAProxy: Make certmonger bundle the cert and key on renewal" into stable/pike
-rw-r--r-- | manifests/certmonger/haproxy.pp | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 266054f..97efe59 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -74,7 +74,20 @@ define tripleo::certmonger::haproxy ( $dnsnames_real = $hostname } - $postsave_cmd_real = pick($postsave_cmd, 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi') + if $certmonger_ca == 'local' { + $ca_fragment = $ca_pem + } else { + $ca_fragment = '' + } + + $concat_pem = "cat ${service_certificate} ${ca_fragment} ${service_key} > ${service_pem}" + if $postsave_cmd { + $postsave_cmd_real = "${concat_pem} && ${postsave_cmd}" + } else { + $reload_haproxy_cmd = 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi' + $postsave_cmd_real = "${concat_pem} && ${reload_haproxy_cmd}" + } + certmonger_certificate { "${title}-cert": ensure => 'present', ca => $certmonger_ca, |