diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2016-04-14 08:29:15 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2016-04-14 08:29:15 +0000 |
| commit | 25d403306d1b300bb344f7b655de7487bdddce0e (patch) | |
| tree | a263f918b9ee62265de04397fa6933dc16c83d44 /manifests/loadbalancer.pp | |
| parent | 794b0f8b123c840b0abefe829715a92ad25a4d32 (diff) | |
| parent | 7cb2d7d79262d36ac6e0514ef7bc0472824a5d19 (diff) | |
Merge "Add support for internal/admin endpoint TLS in HAProxy"
Diffstat (limited to 'manifests/loadbalancer.pp')
| -rw-r--r-- | manifests/loadbalancer.pp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 02a080c..f9d0473 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -119,6 +119,11 @@ # When set, enables SSL on the public API endpoints using the specified file. # Defaults to undef # +# [*internal_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the internal API endpoints using the specified file. +# Defaults to undef +# # [*ssl_cipher_suite*] # The default string describing the list of cipher algorithms ("cipher suite") # that are negotiated during the SSL/TLS handshake for all "bind" lines. This @@ -314,6 +319,7 @@ class tripleo::loadbalancer ( $controller_hosts = undef, $controller_hosts_names = undef, $service_certificate = undef, + $internal_certificate = undef, $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', $ssl_options = 'no-sslv3', $haproxy_stats_certificate = undef, @@ -577,6 +583,7 @@ class tripleo::loadbalancer ( haproxy_listen_bind_param => $haproxy_listen_bind_param, member_options => $haproxy_member_options, public_certificate => $service_certificate, + internal_certificate => $internal_certificate, } $stats_base = ['enable', 'uri /'] |