Provide custom handler name to PKI role

At the moment PKI and haproxy do listen for the same notify, which results in
haproxy trying to generate certs in inappropriate places. This patch starts
leveraging the `pki_handler_cert_installed` variable, which enables us to trigger
haproxy certificate assembly only when required and expected.


Co-Authored-By: Damian Dąbrowski <damian@dabrowski.cloud>

Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/875757
Change-Id: I66f648e5c3104f71d6601a493b09f8cdcc3332fc
Dmitriy Rabotyagov 2023-02-28 19:31:11 +01:00 committed by Dmitriy Rabotyagov
parent a5f285c51e
commit 47515d4b7c
2 changed files with 2 additions and 1 deletions

@ -23,7 +23,7 @@
item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
with_items: "{{ haproxy_tls_vip_binds }}"
listen:
- cert installed
- haproxy cert installed
- name: regenerate maps
vars:
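Review bot: The topic name under `listen:` is now a bare string that must match, character for character, the value passed as `pki_handler_cert_installed` in the role invocation; nothing in this file says so. A short comment above `- haproxy cert installed` naming that variable would keep a later rename from silently disconnecting the handler, in which case the installed certificate would no longer be assembled for haproxy and the old one would keep being served. Since the handler stops listening on the generic `cert installed` topic, it is also worth checking that no other task in this role still notifies that name and expects this handler to run.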

@ -52,6 +52,7 @@
pki_regen_cert: "{{ haproxy_pki_regen_cert }}"
pki_certificates: "{{ haproxy_pki_certificates }}"
pki_install_certificates: "{{ haproxy_pki_install_certificates }}"
pki_handler_cert_installed: "haproxy cert installed"
when:
- haproxy_ssl | bool
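Review bot: `pki_handler_cert_installed` is set to the literal "haproxy cert installed", while every neighbouring `pki_*` value comes from a `haproxy_pki_*` variable; the literal has to stay in sync with the `listen:` entry in the handlers file. Consider a comment here pointing at that handler, or a single documented default so the name is defined in one place. Because the variable only has an effect once the PKI role change named in Depends-On is present, an older PKI role would keep notifying the generic topic that the handler no longer listens on, so the pinned role version should be bumped together with this change.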