author | Jenkins <jenkins@review.openstack.org> | 2017-03-15 13:54:46 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-03-15 13:54:46 +0000 |
commit | 0136098cc2f55e454e6d073d9750537d95c57018 (patch) | |
tree | 6fbafa0d66e7198f20f6bff46950583ad3f2ddb1 /manifests | |
parent | 43fa49ebf85db6db3b9fa8b9c5a8bf31fa7397e8 (diff) | |
parent | bee651abcb5f604fc0c4e11e45da65412c9af023 (diff) |
Merge "HAProxy: Refactor certificate retrieval bits"
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/certmonger/haproxy.pp | 13 | ||||
-rw-r--r-- | manifests/profile/base/haproxy.pp | 22 |
2 files changed, 14 insertions, 21 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 3b8fd09..6668440 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -52,14 +52,27 @@ define tripleo::certmonger::haproxy (
 $certmonger_ca = hiera('certmonger_ca', 'local'),
 $principal = undef,
 ){
+ include ::certmonger
 include ::haproxy::params
+ # This is only needed for certmonger's local CA. For any other CA this
+ # operation (trusting the CA) should be done by the deployer.
+ if $certmonger_ca == 'local' {
+ class { '::tripleo::certmonger::ca::local':
+ notify => Class['::tripleo::haproxy']
+ }
+ }
+
 certmonger_certificate { "${title}-cert":
+ ensure => 'present',
+ ca => $certmonger_ca,
 hostname => $hostname,
 dnsname => $hostname,
 certfile => $service_certificate,
 keyfile => $service_key,
 postsave_cmd => $postsave_cmd,
 principal => $principal,
+ wait => true,
+ require => Class['::certmonger'],
 }
 concat { $service_pem :
 ensure => present,
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index f16ec1b..8568b28 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -32,10 +32,6 @@
 # principal: "haproxy/<undercloud fqdn>"
 # Defaults to {}.
 #
-# [*certmonger_ca*]
-# (Optional) The CA that certmonger will use to generate the certificates.
-# Defaults to hiera('certmonger_ca', 'local').
-#
 # [*enable_load_balancer*]
 # (Optional) Whether or not loadbalancer is enabled.
 # Defaults to hiera('enable_load_balancer', true).
@@ -55,7 +51,6 @@
 #
 class tripleo::profile::base::haproxy (
 $certificates_specs = {},
- $certmonger_ca = hiera('certmonger_ca', 'local'),
 $enable_load_balancer = hiera('enable_load_balancer', true),
 $generate_service_certificates = hiera('generate_service_certificates', false),
 $step = hiera('step'),
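Review bot: The resource-like declaration `class { '::tripleo::certmonger::ca::local': notify => Class['::tripleo::haproxy'] }` now sits inside the `tripleo::certmonger::haproxy` define, so it is evaluated once per certificate spec. Puppet allows a resource-like class declaration only once per catalog, so a second spec that uses the local CA would likely fail compilation with a duplicate declaration. An idempotent form is `include ::tripleo::certmonger::ca::local` followed by `Class['::tripleo::certmonger::ca::local'] ~> Class['::tripleo::haproxy']`. The notify target also makes the define depend on `::tripleo::haproxy` being in the catalog, which is worth stating in the define's header comment. The define's parameter list starts above the hunk and its body continues below it.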
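Review bot: Removing `$certmonger_ca` from `tripleo::profile::base::haproxy` (hunk `@@ -55,7 +51,6 @@`, with its doc entry dropped in `@@ -32,10 +32,6 @@`) changes where the CA is chosen. Hieradata bound to `tripleo::profile::base::haproxy::certmonger_ca` is no longer read, and an explicit class declaration that passes it would presumably fail with an unknown-parameter error. A deployment that selected its CA that way would fall back to the define's default `hiera('certmonger_ca', 'local')`, meaning certificates issued by certmonger's local CA and trust added for that CA. The class header should record the new source of the value under `[*certificates_specs*]`, for example `#   The CA comes from each spec's certmonger_ca, else hiera('certmonger_ca', 'local').`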
@@ -63,22 +58,7 @@ class tripleo::profile::base::haproxy (
 if $step >= 1 {
 if $enable_load_balancer {
 if str2bool($generate_service_certificates) {
- include ::certmonger
- # This is only needed for certmonger's local CA. For any other CA this
- # operation (trusting the CA) should be done by the deployer.
- if $certmonger_ca == 'local' {
- class { '::tripleo::certmonger::ca::local':
- notify => Class['::tripleo::haproxy']
- }
- }
-
- Certmonger_certificate {
- ca => $certmonger_ca,
- ensure => 'present',
- wait => true,
- require => Class['::certmonger'],
- }
- create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
+ ensure_resources('tripleo::certmonger::haproxy', $certificates_specs)
 # The haproxy fronends (or listen resources) depend on the certificate
 # existing and need to be refreshed if it changed.
 Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> |
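Review bot: The new call `ensure_resources('tripleo::certmonger::haproxy', $certificates_specs)` carries no comment on why `create_resources` was replaced. ensure_resources skips a spec whose title is already declared with identical parameters, while a same-titled declaration with different parameters still fails compilation, so a reader needs to know which other manifest may declare these certificates. A line such as `# ensure_resources: a spec may already be declared elsewhere; identical declarations are skipped.` above the call would cover it. The enclosing `if` blocks open above the hunk and close below it.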