Run local CA trust before haproxy deployment

Before haproxy tries to use the TLS certificates it should already
trust the CA. So it's necessary for the local CA-related manifest to
notify the ::tripleo::haproxy class.

This works for newly set deployments. deployments that have already
ran the ca-trust section will already trust the CA and thus won't
need that part.

Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd

diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 8e73ce3..7951941 100644 (file)
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -68,7 +68,9 @@ class tripleo::profile::base::haproxy (
         # This is only needed for certmonger's local CA. For any other CA this
         # operation (trusting the CA) should be done by the deployer.
         if $certmonger_ca == 'local' {
-          include ::tripleo::certmonger::ca::local
+          class { '::tripleo::certmonger::ca::local':
+            notify => Class['::tripleo::haproxy']
+          }
         }
 
         Certmonger_certificate {