Previously apache was configured and restarted before we configured
the CA and certs. In most cases this is fine because those specific
vhosts didn't use tls. However, if you had previously run devstack
and had leftover vhosts and an unconfigured CA or certs, devstack would
fail.
This is a small corner case, but it's simple to address by moving CA and
cert setup up in stack.sh to before we do anything related to web
servers.
Change-Id: I31dbaf9471088b9faff26c7b790da6f6feebb2d5
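--- a/stack.sh
+++ b/stack.sh
@@ -833,6 +833,18 @@ if is_service_enabled etcd3; then
 install_etcd3
 fi
 
+# Setup TLS certs
+# ---------------
+
+# Do this early, before any webservers are set up to ensure
+# we don't run into problems with missing certs when apache
+# is restarted.
+if is_service_enabled tls-proxy; then
+ configure_CA
+ init_CA
+ init_cert
+fi
+
 # Check Out and Install Source
 # ----------------------------
 
@@ -857,13 +869,6 @@ if is_service_enabled neutron nova horizon; then
 install_neutronclient
 fi
 
-# Setup TLS certs
-if is_service_enabled tls-proxy; then
- configure_CA
- init_CA
- init_cert
-fi
-
 # Install middleware
 install_keystonemiddleware
 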
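Review bot: The relocated `if is_service_enabled tls-proxy; then` block now runs ahead of the "Check Out and Install Source" section, so `configure_CA`, `init_CA` and `init_cert` must not rely on anything that section installs or configures; their definitions are outside this diff, so that is worth confirming on a clean host. The new comment explains the apache restart failure but does not say that the position is an ordering constraint, so I would add `# Keep this block above every step that installs or restarts a web server.` to stop a later reshuffle from reintroducing the bug. Because the failure came from vhosts left over from an earlier run, it would also help to state in the comment whether `init_CA` reuses or regenerates an existing CA directory (not visible here), since leftover vhosts may otherwise reference key material this run did not create.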