diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-08-17 16:08:27 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-08-17 16:08:27 +0000 |
| commit | 7485822e86ecea2834dd5669a88abcc981664a0b (patch) | |
| tree | 86bf20c0ed7033225f7e3538fecd82bbf270d1fe /manifests/haproxy | |
| parent | 37da5edb7b7034c8871872701029c95b55a130de (diff) | |
| parent | 5222b8d920d5b5b2e87004c10808b6bea597720a (diff) | |
Merge "Remove extra keystone admin haproxy listen and allow TLS"
Diffstat (limited to 'manifests/haproxy')
| -rw-r--r-- | manifests/haproxy/endpoint.pp | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index bc00f2d..4436e19 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -140,15 +140,28 @@ define tripleo::haproxy::endpoint ( if !$service_network { fail("The service_network for this service is undefined. Can't configure TLS for the internal network.") } - # NOTE(jaosorior): The key of the internal_certificates_specs hash must - # must match the convention haproxy-<network name> or else this - # will fail. Futherly, it must contain the path that we'll use under - # 'service_pem'. - $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] + + if $service_network == 'external' and $public_certificate { + # NOTE(jaosorior): This service has been configured to use the external + # network. We should use the public certificate in this case. + $internal_cert_path = $public_certificate + } else { + # NOTE(jaosorior): This service is configured for the internal network. + # We use the certificate spec hash. The key of the + # internal_certificates_specs hash must must match the convention + # haproxy-<network name> or else this will fail. Futherly, it must + # contain the path that we'll use under 'service_pem'. + $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] + } $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])) } else { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) + if $service_network == 'external' and $public_certificate { + $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + } else { + $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) + } } $bind_opts = merge($internal_bind_opts, $public_bind_opts) |