diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-13 14:09:36 +0200 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-13 15:15:33 +0200 |
commit | bee651abcb5f604fc0c4e11e45da65412c9af023 (patch) | |
tree | d131482584139ea464640ba46ce67d4119afc2d6 /manifests/profile | |
parent | 8a6e4c7b99437d8d358b2637dc4ed81b82bfdac5 (diff) |
HAProxy: Refactor certificate retrieval bits
This moves the certificate request bits to simplify the profile and move
the logic to the HAProxy/certmonger specific manifest.
This is a small iteration on the effort to separate the certificate
retrieval to its own manifest since this part won't be containerized
yet.
Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
Diffstat (limited to 'manifests/profile')
-rw-r--r-- | manifests/profile/base/haproxy.pp | 22 |
1 files changed, 1 insertions, 21 deletions
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index f16ec1b..8568b28 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -32,10 +32,6 @@ # principal: "haproxy/<undercloud fqdn>" # Defaults to {}. # -# [*certmonger_ca*] -# (Optional) The CA that certmonger will use to generate the certificates. -# Defaults to hiera('certmonger_ca', 'local'). -# # [*enable_load_balancer*] # (Optional) Whether or not loadbalancer is enabled. # Defaults to hiera('enable_load_balancer', true). @@ -55,7 +51,6 @@ # class tripleo::profile::base::haproxy ( $certificates_specs = {}, - $certmonger_ca = hiera('certmonger_ca', 'local'), $enable_load_balancer = hiera('enable_load_balancer', true), $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), @@ -63,22 +58,7 @@ class tripleo::profile::base::haproxy ( if $step >= 1 { if $enable_load_balancer { if str2bool($generate_service_certificates) { - include ::certmonger - # This is only needed for certmonger's local CA. For any other CA this - # operation (trusting the CA) should be done by the deployer. - if $certmonger_ca == 'local' { - class { '::tripleo::certmonger::ca::local': - notify => Class['::tripleo::haproxy'] - } - } - - Certmonger_certificate { - ca => $certmonger_ca, - ensure => 'present', - wait => true, - require => Class['::certmonger'], - } - create_resources('::tripleo::certmonger::haproxy', $certificates_specs) + ensure_resources('tripleo::certmonger::haproxy', $certificates_specs) # The haproxy fronends (or listen resources) depend on the certificate # existing and need to be refreshed if it changed. Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> |