# The hostname that certmonger will use as the common name for the
# certificate.
#
-# [*postsave_cmd*]
-# The post-save-command that certmonger will use once it renews the
-# certificate.
-#
# [*certmonger_ca*]
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
+# [*postsave_cmd*]
+# The post-save-command that certmonger will use once it renews the
+# certificate.
+#
define tripleo::certmonger::haproxy (
$service_pem,
$service_certificate,
$service_key,
$hostname,
- $postsave_cmd,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = undef,
$principal = undef,
+ $postsave_cmd = undef,
){
include ::certmonger
include ::haproxy::params
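Review bot: `$postsave_cmd` is now optional and unvalidated, yet its value becomes the command certmonger executes on the host after saving the certificate, with whatever privileges the certmonger daemon has (usually root, though that is not visible here). The parameter doc should state this, e.g. `# The command is executed by certmonger on the host; only set it from trusted data.` The define could also reject non-string values before `pick()` is reached, for instance with `Optional[String] $postsave_cmd = undef`, if the Puppet versions this module supports allow data types. The same applies to the `$postsave_cmd = undef` parameters added to the httpd, mongodb, mysql and rabbitmq defines. The define's body continues outside this hunk.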
$dnsnames_real = $hostname
}
+ $postsave_cmd_real = pick($postsave_cmd, 'systemctl reload haproxy')
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,
dnsname => $dnsnames_real,
certfile => $service_certificate,
keyfile => $service_key,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
principal => $principal,
wait => true,
tag => 'haproxy-cert',
# in the certificate. If left unset, the value will be set to the $hostname.
# Defaults to undef
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
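Review bot: The added doc for `postsave_cmd` gives the default as "systemctl restart ${service name}", but the fallback this define passes to `pick()` is `systemctl reload ${::apache::params::service_name}`. The same copied text in the mysql define also disagrees with its `reload` fallback. For a certificate-renewal hook the difference matters operationally, since a restart drops established connections while a reload normally does not, so the line should read `# If nothing is given, it will default to: "systemctl reload ${service name}"` in both places. The phrase "after requesting a certificate" is also narrower than what happens: certmonger runs the post-save command whenever the certificate is saved, including renewals, as the haproxy define's doc already says.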
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = undef,
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
$dnsnames_real = $hostname
}
- $postsave_cmd = "systemctl reload ${::apache::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::apache::params::service_name}")
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
hostname => $hostname,
dnsname => $dnsnames_real,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
tag => 'apache-cert',
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
$service_key,
$service_pem,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::mongodb::params
- $postsave_cmd = "systemctl restart ${::mongodb::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::mongodb::params::service_name}")
certmonger_certificate { 'mongodb' :
ensure => 'present',
certfile => $service_certificate,
hostname => $hostname,
dnsname => $hostname,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],
# This parameter can take both a string or an array of strings.
# Defaults to $hostname
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = $hostname,
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::mysql::params
- $postsave_cmd = "systemctl reload ${::mysql::params::server_service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::mysql::params::server_service_name}")
certmonger_certificate { 'mysql' :
ensure => 'present',
certfile => $service_certificate,
hostname => $hostname,
dnsname => $dnsnames,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::rabbitmq::params
- $postsave_cmd = "systemctl restart ${::rabbitmq::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::rabbitmq::params::service_name}")
certmonger_certificate { 'rabbitmq' :
ensure => 'present',
certfile => $service_certificate,
hostname => $hostname,
dnsname => $hostname,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],
# it will create.
# Defaults to hiera('apache_certificate_specs', {}).
#
+# [*apache_postsave_cmd*]
+# (Optional) If set, it overrides the default way to restart apache when the
+# certificate is renewed.
+# Defaults to undef
+#
# [*haproxy_certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Defaults to hiera('tripleo::profile::base::haproxy::certificate_specs', {}).
#
+# [*haproxy_postsave_cmd*]
+# (Optional) If set, it overrides the default way to restart haproxy when the
+# certificate is renewed.
+# Defaults to undef
+#
# [*libvirt_certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
#
class tripleo::profile::base::certmonger_user (
$apache_certificates_specs = hiera('apache_certificates_specs', {}),
+ $apache_postsave_cmd = undef,
$haproxy_certificates_specs = hiera('tripleo::profile::base::haproxy::certificates_specs', {}),
+ $haproxy_postsave_cmd = undef,
$libvirt_certificates_specs = hiera('libvirt_certificates_specs', {}),
$mongodb_certificate_specs = hiera('mongodb_certificate_specs',{}),
$mysql_certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
unless empty($apache_certificates_specs) {
include ::tripleo::certmonger::apache_dirs
- ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs)
+ ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs,
+ {'postsave_cmd' => $apache_postsave_cmd})
}
unless empty($libvirt_certificates_specs) {
include ::tripleo::certmonger::libvirt_dirs
}
unless empty($haproxy_certificates_specs) {
include ::tripleo::certmonger::haproxy_dirs
- ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs)
+ ensure_resources('tripleo::certmonger::haproxy', $haproxy_certificates_specs,
+ {'postsave_cmd' => $haproxy_postsave_cmd})
# The haproxy fronends (or listen resources) depend on the certificate
# existing and need to be refreshed if it changed.
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
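Review bot: The third argument to `ensure_resources` is a defaults hash, so a `postsave_cmd` key inside an individual entry of `$haproxy_certificates_specs` (or `$apache_certificates_specs` in the earlier call) still takes precedence over `$haproxy_postsave_cmd` / `$apache_postsave_cmd`. The class docs only say the new parameters override "the default way to restart", which leaves that precedence unstated. Because the value ends up as a command certmonger executes on the host, it is worth saying where it can come from, e.g. `# A postsave_cmd set per certificate in the specs hash takes precedence; this parameter is only the fallback for entries that do not set it.` Note also that one class-level command is applied to every certificate in the hash. The class body continues outside this hunk.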