From 47515d4b7c84c94df0cb54ca4fc07f36ca06a256 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 28 Feb 2023 19:31:11 +0100 Subject: [PATCH] Provide custom handler name to PKI role MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit At the moment PKI and haproxy do listen for the same notify, which results in haproxy trying to generate certs in inappropriate places. This patch starts leveraging `pki_handler_cert_installed` variable that enables us to trigger haproxy certificate assemble only when required and expected. Co-Authored-By: Damian DÄ…browski Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/875757 Change-Id: I66f648e5c3104f71d6601a493b09f8cdcc3332fc --- handlers/main.yml | 2 +- tasks/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 3355e81..bffe3e9 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -23,7 +23,7 @@ item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}" with_items: "{{ haproxy_tls_vip_binds }}" listen: - - cert installed + - haproxy cert installed - name: regenerate maps vars: diff --git a/tasks/main.yml b/tasks/main.yml index ac1a3c0..70b151b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -52,6 +52,7 @@ pki_regen_cert: "{{ haproxy_pki_regen_cert }}" pki_certificates: "{{ haproxy_pki_certificates }}" pki_install_certificates: "{{ haproxy_pki_install_certificates }}" + pki_handler_cert_installed: "haproxy cert installed" when: - haproxy_ssl | bool