summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorBen Nemec <bnemec@redhat.com>2016-04-05 12:23:12 -0500
committerBen Nemec <bnemec@redhat.com>2016-04-05 12:23:12 -0500
commit55af7266a45d04a3e3ffa4fe7bcb3cf01b6f8191 (patch)
treef344f883b0ca78131e39502bfe9127bce7bba8f2 /puppet
parent517f6b27a92fc7a12c0a561d90bde106ef35bf54 (diff)
Reload haproxy after injecting certs w/o pcmk too
This was accidentally dropped from Id5ed05b3a20d06af8ae7a3d6f859b03399b0d77d but we should handle the non-pacemaker case as well. Change-Id: Ia06746f9c536159cd7b62259e450b3dec331cdb0
Diffstat (limited to 'puppet')
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml8
1 files changed, 8 insertions, 0 deletions
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 77b11378..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment