X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fextraconfig%2Ftls%2Ftls-cert-inject.yaml;h=2a61afc072153a5960ad8ebe83b78aab7fcf6d24;hb=90a0c87608e8f9fe37acd659ac6b130791a743e8;hp=20bb373784a0dde54ba5df79794c4559bce25fe2;hpb=89f39db00c315105d522b9c3753ce3759411aa55;p=apex-tripleo-heat-templates.git

diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 20bb3737..2a61afc0 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -1,11 +1,11 @@
-heat_template_version: 2015-04-30
+heat_template_version: ocata
 
 description: >
   This is a template which will build the TLS Certificates necessary
   for the load balancer using the given parameters.
 
 parameters:
-  # Can be overriden via parameter_defaults in the environment
+  # Can be overridden via parameter_defaults in the environment
   SSLCertificate:
     description: >
       The content of the SSL certificate (without Key) in PEM format.
@@ -21,7 +21,7 @@ parameters:
     type: string
     hidden: true
 
-  # Can be overriden by parameter_defaults if the user wants to try deploying
+  # Can be overridden by parameter_defaults if the user wants to try deploying
   # this in a distro that doesn't support this path.
   DeployedSSLCertificatePath:
     default: '/etc/pki/tls/private/overcloud_endpoint.pem'
@@ -63,6 +63,12 @@ resources:
         openssl rsa -noout -modulus -in ${cert_path} \
           | openssl md5 | cut -c 10- \
           > ${heat_outputs_path}.key_modulus
+        # We need to reload haproxy in case the certificate changed because
+        # puppet doesn't know the contents of the cert file.
+        haproxy_status=$(systemctl is-active haproxy)
+        if [ "$haproxy_status" = "active" ]; then
+            systemctl reload haproxy
+        fi
 
   ControllerTLSDeployment:
     type: OS::Heat::SoftwareDeployment