From 192fd80e942be67ccbb1ddea6666ba341ae33bf8 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 15 Sep 2016 10:30:21 +0300 Subject: Fix dependencies for HAProxy when certmonger is used Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805 --- manifests/certmonger/haproxy.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'manifests/certmonger') diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 0168227..504acf3 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -47,6 +47,7 @@ define tripleo::certmonger::haproxy ( $postsave_cmd, $principal = undef, ){ + include ::haproxy::params certmonger_certificate { "${title}-cert": hostname => $hostname, dnsname => $hostname, @@ -56,10 +57,11 @@ define tripleo::certmonger::haproxy ( principal => $principal, } concat { $service_pem : - ensure => present, - mode => '0640', - owner => 'haproxy', - group => 'haproxy', + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, -- cgit 1.2.3-korg