From: Ben Nemec <bnemec@redhat.com>
Date: Tue, 5 Apr 2016 17:23:12 +0000 (-0500)
Subject: Reload haproxy after injecting certs w/o pcmk too
X-Git-Tag: opnfv-6.0.0~2034^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=55af7266a45d04a3e3ffa4fe7bcb3cf01b6f8191;p=apex-tripleo-heat-templates.git

Reload haproxy after injecting certs w/o pcmk too

This was accidentally dropped from
Id5ed05b3a20d06af8ae7a3d6f859b03399b0d77d but we should handle the
non-pacemaker case as well.

Change-Id: Ia06746f9c536159cd7b62259e450b3dec331cdb0
---

diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 77b11378..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
         openssl rsa -noout -modulus -in ${cert_path} \
           | openssl md5 | cut -c 10- \
           > ${heat_outputs_path}.key_modulus
+        # We need to reload haproxy in case the certificate changed because
+        # puppet doesn't know the contents of the cert file.  The pacemaker
+        # case is handled separately in a pacemaker-specific resource.
+        pacemaker_status=$(systemctl is-active pacemaker)
+        haproxy_status=$(systemctl is-active haproxy)
+        if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+            systemctl reload haproxy
+        fi
 
   ControllerTLSDeployment:
     type: OS::Heat::SoftwareDeployment