2 files changed, 11 insertions, 7 deletions

diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index b6b4f270..3355a0d3 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -55,14 +55,16 @@ outputs:
       config_settings:
         generate_service_certificates: true
         tripleo::haproxy::use_internal_certificates: true
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
       certificates_specs:
         map_merge:
           repeat:
             template:
               haproxy-NETWORK:
-                service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
-                service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
-                service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+                service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+                service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+                service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
                 hostname: "%{hiera('cloud_name_NETWORK')}"
                 postsave_cmd: "" # TODO
                 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index e79d2aec..f1739f78 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -38,12 +38,14 @@ outputs:
       service_name: haproxy_public_tls_certmonger
       config_settings:
         generate_service_certificates: true
-        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
       certificates_specs:
         haproxy-external:
-          service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
-          service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
-          service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+          service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+          service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+          service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
           hostname: "%{hiera('cloud_name_external')}"
           postsave_cmd: "" # TODO
           principal: "haproxy/%{hiera('cloud_name_external')}"