diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-02 10:19:48 +0300 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-02 11:13:00 +0300 |
| commit | a9695bd47038776ee4e38c584b593551c1f64250 (patch) | |
| tree | 02560c6c22da0afefa2f4121b40ffec83a284e2b /manifests/certmonger/haproxy.pp | |
| parent | ee2a53afb1ad8f45be7d3986f5de2b6731048c65 (diff) | |
Ensure directory exists for certificates for haproxy
We used to rely on a standard directory for the certificates and keys
that are requested by certmonger. However, given the approach we plan to
take for containers that's described in the blueprint, we need to use
service-specific directories for the certs/keys, since we plan to
bind-mount these into the containers, and we don't want to bind mount
any keys/certs from other services.
Thus, we start by creating this directories if they don't exist in the
filesystem and adding the proper selinux labels.
bp tls-via-certmonger-containers
Change-Id: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Diffstat (limited to 'manifests/certmonger/haproxy.pp')
| -rw-r--r-- | manifests/certmonger/haproxy.pp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index a5d1bf8..3def337 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -84,6 +84,7 @@ define tripleo::certmonger::haproxy ( postsave_cmd => $postsave_cmd, principal => $principal, wait => true, + tag => 'haproxy-cert', require => Class['::certmonger'], } concat { $service_pem : @@ -91,12 +92,14 @@ define tripleo::certmonger::haproxy ( mode => '0640', owner => 'haproxy', group => 'haproxy', + tag => 'haproxy-cert', require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, source => $service_certificate, order => '01', + tag => 'haproxy-cert', require => Certmonger_certificate["${title}-cert"], } @@ -106,6 +109,7 @@ define tripleo::certmonger::haproxy ( target => $service_pem, source => $ca_pem, order => '10', + tag => 'haproxy-cert', require => Class['tripleo::certmonger::ca::local'], } } @@ -114,6 +118,7 @@ define tripleo::certmonger::haproxy ( target => $service_pem, source => $service_key, order => 20, + tag => 'haproxy-cert', require => Certmonger_certificate["${title}-cert"], } } |