Code Review / apex-tripleo-heat-templates.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 98f19c1) | patch
Restart haproxy after configuring SSL certs
authorBen Nemec <bnemec@redhat.com>
Thu, 31 Mar 2016 21:42:11 +0000 (16:42 -0500)
committerJames Slagle <jslagle@redhat.com>
Fri, 1 Apr 2016 16:42:02 +0000 (12:42 -0400)
commit4f373ea30feaa678fbc86e0cd92c875f26fdbeac
tree0db0cf4b970b6a452e7fc3698cf90c8c6b50d47atree | snapshot
parent98f19c17a6a562cfcfed2dc9edc7391933492bc9commit | diff
Restart haproxy after configuring SSL certs

If a certificate expires, the user will need to update it.  However,
because we only restart services at the end of a stack-update the
new certificate doesn't take effect until after puppet has run.
This is a problem because puppet makes OpenStack calls, which will
fail if the certificate is expired.  In that case we never get to
the service restart so the stack is wedged until the user manually
restart haproxy.

This patch addresses the problem by reloading haproxy before puppet
runs.  This is done in a pre-puppet script for pacemaker after pacemaker
is maintenance mode because we need to make sure it happens after all of
the certs have been installed on the controllers, but before puppet
runs.

For non-pacemaker, haproxy is simply reloaded.

Change-Id: Id5ed05b3a20d06af8ae7a3d6f859b03399b0d77d
extraconfig/tasks/pacemaker_maintenance_mode.sh [new file with mode: 0755] blob
extraconfig/tasks/pre_puppet_pacemaker.yaml diff | blob | history