certmonger postsave command for haproxy doesn't actually upadate the bundled PEM
Bug #1712514 reported by
Juan Antonio Osorio Robles
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Juan Antonio Osorio Robles |
Bug Description
HAProxy requires a PEM file for TLS that has the certificate and the key, unlike other applications which use sepparate files. While the aforementioned certificate and key are bundled together in one file by puppet, the bundled file is not recreated when certmonger does a resubmit or a renewal of the certificate. This will cause certmonger to reload haproxy, but harpoxy will still serve the old bundle.
Changed in tripleo: | |
importance: | Undecided → High |
milestone: | none → pike-rc1 |
Changed in tripleo: | |
milestone: | pike-rc1 → pike-rc2 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/496572
Review: https:/