Certmonger: Only attempt to reload haproxy is it's active

Previously, certmonger tried to reload haproxy every time after a
certificate is requested. This is useful for certificate resubmits or
renewals. However, it turned out problematic on installation, when
haproxy is not yet active, as it would try many times and end up having
a race-condition with puppet.

This checks if haproxy is active and only then will it attempt to reload
it.

Change-Id: I51f9cccb5d1518a9647778e7bf6f9426a02ceb60
Closes-Bug: #1712377
(cherry picked from commit 351ab932514f13d7a139b0b41fdc4f6f7e990c8f)

diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 819348d..266054f 100644 (file)
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -74,7 +74,7 @@ define tripleo::certmonger::haproxy (
       $dnsnames_real = $hostname
     }
 
-    $postsave_cmd_real = pick($postsave_cmd, 'systemctl reload haproxy')
+    $postsave_cmd_real = pick($postsave_cmd, 'if systemctl -q is-active haproxy; then systemctl reload haproxy; else true; fi')
     certmonger_certificate { "${title}-cert":
       ensure       => 'present',
       ca           => $certmonger_ca,