diff options
| -rw-r--r-- | manifests/certmonger/haproxy.pp | 10 | ||||
| -rw-r--r-- | manifests/profile/base/haproxy.pp | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 0168227..504acf3 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy ( $postsave_cmd, $principal = undef, ){ + include ::haproxy::params certmonger_certificate { "${title}-cert": hostname => $hostname, dnsname => $hostname, @@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy ( principal => $principal, } concat { $service_pem : - ensure => present, - mode => '0640', - owner => 'haproxy', - group => 'haproxy', + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 68ff3e4..e018f36 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy ( require => Class['::certmonger'], } create_resources('::tripleo::certmonger::haproxy', $certificates_specs) + # The haproxy fronends (or listen resources) depend on the certificate + # existing and need to be refreshed if it changed. + Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } include ::tripleo::haproxy |