Code Review
/
apex-tripleo-heat-templates.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge "Keystone token flush cron job should log to a file"
[apex-tripleo-heat-templates.git]
/
puppet
/
extraconfig
/
tls
/
tls-cert-inject.yaml
diff --git
a/puppet/extraconfig/tls/tls-cert-inject.yaml
b/puppet/extraconfig/tls/tls-cert-inject.yaml
index
20bb373
..
2a61afc
100644
(file)
--- a/
puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/
puppet/extraconfig/tls/tls-cert-inject.yaml
@@
-1,11
+1,11
@@
-heat_template_version:
2015-04-30
+heat_template_version:
ocata
description: >
This is a template which will build the TLS Certificates necessary
for the load balancer using the given parameters.
parameters:
description: >
This is a template which will build the TLS Certificates necessary
for the load balancer using the given parameters.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overrid
d
en via parameter_defaults in the environment
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
@@
-21,7
+21,7
@@
parameters:
type: string
hidden: true
type: string
hidden: true
- # Can be overriden by parameter_defaults if the user wants to try deploying
+ # Can be overrid
d
en by parameter_defaults if the user wants to try deploying
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
@@
-63,6
+63,12
@@
resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file.
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$haproxy_status" = "active" ]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment