X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fhaproxy.yaml;h=e32b44ddaf2a3b85fa4e062c746fd130ef28a008;hb=32fed0cb6234c47a58be417a272dfbd5411aea95;hp=9049c901893b8604ee55bbc8eac884aceafa1c35;hpb=c72bc74207d80710dad3d274fc6c3295a8d9fa5a;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 9049c901..e32b44dd 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service configured with Puppet
@@ -37,6 +37,11 @@ parameters:
   MonitoringSubscriptionHaproxy:
     default: 'overcloud-haproxy'
     type: string
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 resources:
 
@@ -71,6 +76,7 @@ outputs:
             tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
+            tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
             tripleo::profile::base::haproxy::certificates_specs:
               map_merge:
                 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
@@ -78,9 +84,24 @@ outputs:
       step_config: |
         include ::tripleo::profile::base::haproxy
       upgrade_tasks:
+        - name: Check if haproxy is deployed
+          command: systemctl is-enabled haproxy
+          tags: common
+          ignore_errors: True
+          register: haproxy_enabled
+        - name: "PreUpgrade step0,validation: Check service haproxy is running"
+          shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
+          when: haproxy_enabled.rc == 0
+          tags: step0,validation
         - name: Stop haproxy service
-          tags: step1
+          tags: step2
+          when: haproxy_enabled.rc == 0
           service: name=haproxy state=stopped
         - name: Start haproxy service
           tags: step4 # Needed at step 4 for mysql
+          when: haproxy_enabled.rc == 0
           service: name=haproxy state=started
+      metadata_settings:
+        list_concat:
+          - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
+          - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}