Provide custom handler name to PKI role
At the moment PKI and haproxy do listen for the same notify, which results in haproxy trying to generate certs in inappropriate places. This patch starts leveraging `pki_handler_cert_installed` variable that enables us to trigger haproxy certificate assemble only when required and expected. Co-Authored-By: Damian Dąbrowski <damian@dabrowski.cloud> Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/875757 Change-Id: I66f648e5c3104f71d6601a493b09f8cdcc3332fc
This commit is contained in:
parent
a5f285c51e
commit
47515d4b7c
|
@ -23,7 +23,7 @@
|
|||
item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
|
||||
with_items: "{{ haproxy_tls_vip_binds }}"
|
||||
listen:
|
||||
- cert installed
|
||||
- haproxy cert installed
|
||||
|
||||
- name: regenerate maps
|
||||
vars:
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
pki_regen_cert: "{{ haproxy_pki_regen_cert }}"
|
||||
pki_certificates: "{{ haproxy_pki_certificates }}"
|
||||
pki_install_certificates: "{{ haproxy_pki_install_certificates }}"
|
||||
pki_handler_cert_installed: "haproxy cert installed"
|
||||
when:
|
||||
- haproxy_ssl | bool
|
||||
|
||||
|
|
Loading…
Reference in New Issue