diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-13 14:09:36 +0200 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-13 15:15:33 +0200 |
| commit | bee651abcb5f604fc0c4e11e45da65412c9af023 (patch) | |
| tree | d131482584139ea464640ba46ce67d4119afc2d6 /manifests/certmonger | |
| parent | 8a6e4c7b99437d8d358b2637dc4ed81b82bfdac5 (diff) | |
HAProxy: Refactor certificate retrieval bits
This moves the certificate request bits to simplify the profile and move
the logic to the HAProxy/certmonger specific manifest.
This is a small iteration on the effort to separate the certificate
retrieval to its own manifest since this part won't be containerized
yet.
Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
Diffstat (limited to 'manifests/certmonger')
| -rw-r--r-- | manifests/certmonger/haproxy.pp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 3b8fd09..6668440 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -52,14 +52,27 @@ define tripleo::certmonger::haproxy ( $certmonger_ca = hiera('certmonger_ca', 'local'), $principal = undef, ){ + include ::certmonger include ::haproxy::params + # This is only needed for certmonger's local CA. For any other CA this + # operation (trusting the CA) should be done by the deployer. + if $certmonger_ca == 'local' { + class { '::tripleo::certmonger::ca::local': + notify => Class['::tripleo::haproxy'] + } + } + certmonger_certificate { "${title}-cert": + ensure => 'present', + ca => $certmonger_ca, hostname => $hostname, dnsname => $hostname, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, principal => $principal, + wait => true, + require => Class['::certmonger'], } concat { $service_pem : ensure => present, |