In a containerized environment the haproxy class might not be defined,
so this was made optional. On the other hand, this also retrieves the
CRL before any certmonger_certificate resources are created.
bp tls-via-certmonger-containers
Change-Id: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
require => Class['::certmonger'],
}
concat { $service_pem :
- ensure => present,
- mode => '0640',
- owner => 'haproxy',
- group => 'haproxy',
- tag => 'haproxy-cert',
- require => Package[$::haproxy::params::package_name],
+ ensure => present,
+ mode => '0640',
+ owner => 'haproxy',
+ group => 'haproxy',
+ tag => 'haproxy-cert',
}
+ Package<| name == $::haproxy::params::package_name |> -> Concat[$service_pem]
+
concat::fragment { "${title}-cert-fragment":
target => $service_pem,
source => $service_certificate,
unless empty($haproxy_certificates_specs) {
$reload_haproxy = ['systemctl reload haproxy']
Class['::tripleo::certmonger::ca::crl'] ~> Haproxy::Balancermember<||>
- Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ if defined(Class['::haproxy']) {
+ Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ }
} else {
$reload_haproxy = []
}
class { '::tripleo::certmonger::ca::crl' :
reload_cmds => $reload_haproxy,
}
+ Certmonger_certificate<||> -> Class['::tripleo::certmonger::ca::crl']
include ::tripleo::certmonger::ca::libvirt
unless empty($apache_certificates_specs) {
Code Review / apex-puppet-tripleo.git / commitdiff