From 040411c2a4f8b1fbd1e4a5598e5ea0e6a4306e06 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Fri, 4 Aug 2017 11:15:45 +0300
Subject: Modify resource dependencies of certmonger_user resources

In a containerized environment the haproxy class might not be defined,
so this was made optional. On the other hand, this also retrieves the
CRL before any certmonger_certificate resources are created.

bp tls-via-certmonger-containers
Change-Id: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
---
 manifests/certmonger/haproxy.pp           | 13 +++++++------
 manifests/profile/base/certmonger_user.pp |  5 ++++-
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 3def337..d4f4ad2 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -88,13 +88,14 @@ define tripleo::certmonger::haproxy (
       require      => Class['::certmonger'],
     }
     concat { $service_pem :
-      ensure  => present,
-      mode    => '0640',
-      owner   => 'haproxy',
-      group   => 'haproxy',
-      tag     => 'haproxy-cert',
-      require => Package[$::haproxy::params::package_name],
+      ensure => present,
+      mode   => '0640',
+      owner  => 'haproxy',
+      group  => 'haproxy',
+      tag    => 'haproxy-cert',
     }
+    Package<| name == $::haproxy::params::package_name |> -> Concat[$service_pem]
+
     concat::fragment { "${title}-cert-fragment":
       target  => $service_pem,
       source  => $service_certificate,
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 231a1d0..2ac4b6e 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -80,13 +80,16 @@ class tripleo::profile::base::certmonger_user (
   unless empty($haproxy_certificates_specs) {
     $reload_haproxy = ['systemctl reload haproxy']
     Class['::tripleo::certmonger::ca::crl'] ~> Haproxy::Balancermember<||>
-    Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+    if defined(Class['::haproxy']) {
+      Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+    }
   } else {
     $reload_haproxy = []
   }
   class { '::tripleo::certmonger::ca::crl' :
     reload_cmds => $reload_haproxy,
   }
+  Certmonger_certificate<||> -> Class['::tripleo::certmonger::ca::crl']
   include ::tripleo::certmonger::ca::libvirt
 
   unless empty($apache_certificates_specs) {
-- 
cgit 1.2.3-korg