diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2016-04-18 20:11:06 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2016-04-18 20:11:06 +0000 |
| commit | 7d60f728d09757e8a6728227132b0c72c8e0e752 (patch) | |
| tree | 133d998e38bc7723611877dfb829a05722bff584 | |
| parent | 4afed8617e56b1d9648955b971d5c2e4cd3cd7f8 (diff) | |
| parent | 55af7266a45d04a3e3ffa4fe7bcb3cf01b6f8191 (diff) | |
Merge "Reload haproxy after injecting certs w/o pcmk too"
| -rw-r--r-- | puppet/extraconfig/tls/tls-cert-inject.yaml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 77b11378..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment |