From a9695bd47038776ee4e38c584b593551c1f64250 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 2 Aug 2017 10:19:48 +0300
Subject: Ensure directory exists for certificates for haproxy

We used to rely on a standard directory for the certificates and keys
that are requested by certmonger. However, given the approach we plan to
take for containers that's described in the blueprint, we need to use
service-specific directories for the certs/keys, since we plan to
bind-mount these into the containers, and we don't want to bind mount
any keys/certs from other services.

Thus, we start by creating this directories if they don't exist in the
filesystem and adding the proper selinux labels.

bp tls-via-certmonger-containers

Change-Id: Iba3adb9464a755e67c6f87d1233b3affa8be565a
---
 manifests/profile/base/certmonger_user.pp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'manifests/profile/base')

diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 7a6559e..231a1d0 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -98,6 +98,7 @@ class tripleo::profile::base::certmonger_user (
     ensure_resources('tripleo::certmonger::libvirt', $libvirt_certificates_specs)
   }
   unless empty($haproxy_certificates_specs) {
+    include ::tripleo::certmonger::haproxy_dirs
     ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs)
     # The haproxy fronends (or listen resources) depend on the certificate
     # existing and need to be refreshed if it changed.
-- 
cgit 1.2.3-korg