summaryrefslogtreecommitdiffstats
path: root/manifests/certmonger
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-03-13 14:09:36 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-03-13 15:15:33 +0200
commitbee651abcb5f604fc0c4e11e45da65412c9af023 (patch)
treed131482584139ea464640ba46ce67d4119afc2d6 /manifests/certmonger
parent8a6e4c7b99437d8d358b2637dc4ed81b82bfdac5 (diff)
HAProxy: Refactor certificate retrieval bits
This moves the certificate request bits to simplify the profile and move the logic to the HAProxy/certmonger specific manifest. This is a small iteration on the effort to separate the certificate retrieval to its own manifest since this part won't be containerized yet. Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
Diffstat (limited to 'manifests/certmonger')
-rw-r--r--manifests/certmonger/haproxy.pp13
1 files changed, 13 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 3b8fd09..6668440 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -52,14 +52,27 @@ define tripleo::certmonger::haproxy (
$certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef,
){
+ include ::certmonger
include ::haproxy::params
+ # This is only needed for certmonger's local CA. For any other CA this
+ # operation (trusting the CA) should be done by the deployer.
+ if $certmonger_ca == 'local' {
+ class { '::tripleo::certmonger::ca::local':
+ notify => Class['::tripleo::haproxy']
+ }
+ }
+
certmonger_certificate { "${title}-cert":
+ ensure => 'present',
+ ca => $certmonger_ca,
hostname => $hostname,
dnsname => $hostname,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
principal => $principal,
+ wait => true,
+ require => Class['::certmonger'],
}
concat { $service_pem :
ensure => present,