openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment