Reload haproxy after injecting certs w/o pcmk too

author Ben Nemec <bnemec@redhat.com>

Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)

committer Ben Nemec <bnemec@redhat.com>

Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)
author Ben Nemec <bnemec@redhat.com>
Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)
committer Ben Nemec <bnemec@redhat.com>
Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml

index 77b1137..e281ef5 100644 (file)
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
          openssl rsa -noout -modulus -in ${cert_path} \
            | openssl md5 | cut -c 10- \
            > ${heat_outputs_path}.key_modulus
+        # We need to reload haproxy in case the certificate changed because
+        # puppet doesn't know the contents of the cert file.  The pacemaker
+        # case is handled separately in a pacemaker-specific resource.
+        pacemaker_status=$(systemctl is-active pacemaker)
+        haproxy_status=$(systemctl is-active haproxy)
+        if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+            systemctl reload haproxy
+        fi
  
    ControllerTLSDeployment:
      type: OS::Heat::SoftwareDeployment
author	Ben Nemec <bnemec@redhat.com>
	Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)
committer	Ben Nemec <bnemec@redhat.com>
	Tue, 5 Apr 2016 17:23:12 +0000 (12:23 -0500)