From aaeace8c72ad7e9ea540c7055f0e16e2ed797f58 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 23 Aug 2017 09:01:53 +0300
Subject: Certmonger: Only attempt to reload haproxy is it's active

Previously, certmonger tried to reload haproxy every time after a
certificate is requested. This is useful for certificate resubmits or
renewals. However, it turned out problematic on installation, when
haproxy is not yet active, as it would try many times and end up having
a race-condition with puppet.

This checks if haproxy is active and only then will it attempt to reload
it.

Change-Id: I51f9cccb5d1518a9647778e7bf6f9426a02ceb60
Closes-Bug: #1712377
(cherry picked from commit 351ab932514f13d7a139b0b41fdc4f6f7e990c8f)
---
 manifests/certmonger/haproxy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'manifests')

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 819348d..266054f 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -74,7 +74,7 @@ define tripleo::certmonger::haproxy (
       $dnsnames_real = $hostname
     }
 
-    $postsave_cmd_real = pick($postsave_cmd, 'systemctl reload haproxy')
+    $postsave_cmd_real = pick($postsave_cmd, 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi')
     certmonger_certificate { "${title}-cert":
       ensure       => 'present',
       ca           => $certmonger_ca,
-- 
cgit 1.2.3-korg