diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-16 09:26:42 +0300 |
|---|---|---|
| committer |   Emilien Macchi <emilien@redhat.com> | 2017-08-18 18:59:35 +0000 |
| commit | 095d130f9dbadb698c2c349819e754a907455ee0 (patch) | |
| tree | 28cb5d6603b188c3b3f918dc5be847c7ab997d4c /manifests/certmonger/haproxy.pp | |
| parent | f7d34f038d7d5ff1d4fd05955e2f444ffd44b023 (diff) | |
Certmonger: Make postsave command configurable
We need to make it configurable since these commands don't apply for
containerized environments. This way we can restart containers or
disable restarting and rely on other means.
This stems from the issue that some services get accidentally started by
certmonger on containerized environments, which makes the container
initialization fail.
bp tls-via-certmonger-containers
Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
Diffstat (limited to 'manifests/certmonger/haproxy.pp')
| -rw-r--r-- | manifests/certmonger/haproxy.pp | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index d4f4ad2..819348d 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -32,10 +32,6 @@ # The hostname that certmonger will use as the common name for the # certificate. # -# [*postsave_cmd*] -# The post-save-command that certmonger will use once it renews the -# certificate. -# # [*certmonger_ca*] # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). @@ -48,15 +44,19 @@ # [*principal*] # The haproxy service principal that is set for HAProxy in kerberos. # +# [*postsave_cmd*] +# The post-save-command that certmonger will use once it renews the +# certificate. +# define tripleo::certmonger::haproxy ( $service_pem, $service_certificate, $service_key, $hostname, - $postsave_cmd, $certmonger_ca = hiera('certmonger_ca', 'local'), $dnsnames = undef, $principal = undef, + $postsave_cmd = undef, ){ include ::certmonger include ::haproxy::params @@ -74,6 +74,7 @@ define tripleo::certmonger::haproxy ( $dnsnames_real = $hostname } + $postsave_cmd_real = pick($postsave_cmd, 'systemctl reload haproxy') certmonger_certificate { "${title}-cert": ensure => 'present', ca => $certmonger_ca, @@ -81,7 +82,7 @@ define tripleo::certmonger::haproxy ( dnsname => $dnsnames_real, certfile => $service_certificate, keyfile => $service_key, - postsave_cmd => $postsave_cmd, + postsave_cmd => $postsave_cmd_real, principal => $principal, wait => true, tag => 'haproxy-cert', |