From 70494971e6a647fe6fc16b6660291133aa939bbb Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 1 Aug 2016 11:45:33 +0300
Subject: Run local CA trust before haproxy deployment

Before haproxy tries to use the TLS certificates it should already
trust the CA. So it's necessary for the local CA-related manifest to
notify the ::tripleo::haproxy class.

This works for newly set deployments. deployments that have already
ran the ca-trust section will already trust the CA and thus won't
need that part.

Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
---
 manifests/profile/base/haproxy.pp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'manifests/profile')

diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 8e73ce3..7951941 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -68,7 +68,9 @@ class tripleo::profile::base::haproxy (
         # This is only needed for certmonger's local CA. For any other CA this
         # operation (trusting the CA) should be done by the deployer.
         if $certmonger_ca == 'local' {
-          include ::tripleo::certmonger::ca::local
+          class { '::tripleo::certmonger::ca::local':
+            notify => Class['::tripleo::haproxy']
+          }
         }
 
         Certmonger_certificate {
-- 
cgit 1.2.3-korg