From 81ab07d79a56c6b44d2ca16fb51af2a0e8d09098 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Tue, 9 Feb 2016 10:42:52 -0800
Subject: ensure that expired certs are updated *before* hiera compile.

---
 lib/leap_cli/commands/compile.rb | 3 ++-
 lib/leap_cli/commands/deploy.rb  | 3 +--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index c388e5c3..44b97d4a 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -62,7 +62,8 @@ module LeapCli
     # but this should not be done if we are not examining all possible nodes.
     #
     def compile_hiera_files(nodes, clean_export)
-      update_compiled_ssh_configs # must come first
+      update_certificates(nodes)  # \ must come first so that output will
+      update_compiled_ssh_configs # / get included in compiled hiera files.
       sanity_check(nodes)
       manager.export_nodes(nodes)
       manager.export_secrets(clean_export)
diff --git a/lib/leap_cli/commands/deploy.rb b/lib/leap_cli/commands/deploy.rb
index c2a70afa..29c3faf5 100644
--- a/lib/leap_cli/commands/deploy.rb
+++ b/lib/leap_cli/commands/deploy.rb
@@ -49,11 +49,10 @@ module LeapCli
         environments.each do |env|
           check_platform_pinning(env, global)
         end
+
         # compile hiera files for all the nodes in every environment that is
         # being deployed and only those environments.
         compile_hiera_files(manager.filter(environments), false)
-        # update server certificates if needed
-        update_certificates(nodes)
 
         ssh_connect(nodes, connect_options(options)) do |ssh|
           ssh.leap.log :checking, 'node' do
-- 
cgit v1.2.3