diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-04-08 10:33:30 +0000 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-04-11 16:06:36 +0000 |
commit | 7cb2d7d79262d36ac6e0514ef7bc0472824a5d19 (patch) | |
tree | bf94e7137fd39a102533ba36ac00a3ec2bd47d88 /manifests/loadbalancer | |
parent | 9f31a7dbe8a98af0da05bc79a80f785db5ecac13 (diff) |
Add support for internal/admin endpoint TLS in HAProxy
This commits adds the option to pass an internal certificate.
The aforementioned certificate will be used to terminate TLS
connections for the internal and admin endpoints.
Change-Id: I9d781b42c63cf34bd1f5ba2c71014c6b9de0f990
Diffstat (limited to 'manifests/loadbalancer')
-rw-r--r-- | manifests/loadbalancer/endpoint.pp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/manifests/loadbalancer/endpoint.pp b/manifests/loadbalancer/endpoint.pp index 12209e3..e6bb185 100644 --- a/manifests/loadbalancer/endpoint.pp +++ b/manifests/loadbalancer/endpoint.pp @@ -64,6 +64,10 @@ # Certificate path used to enable TLS for the public proxy endpoint. # Defaults to undef. # +# [*internal_certificate*] +# Certificate path used to enable TLS for the internal proxy endpoint. +# Defaults to undef. +# define tripleo::loadbalancer::endpoint ( $internal_ip, $service_port, @@ -78,6 +82,7 @@ define tripleo::loadbalancer::endpoint ( }, $public_ssl_port = undef, $public_certificate = undef, + $internal_certificate = undef, ) { if $public_virtual_ip { # service exposed to the public network @@ -96,8 +101,14 @@ define tripleo::loadbalancer::endpoint ( $public_bind_opts = {} } - $internal_bind_opts = { - "${internal_ip}:${service_port}" => $haproxy_listen_bind_param, + if $internal_certificate { + $internal_bind_opts = { + "${internal_ip}:${service_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]), + } + } else { + $internal_bind_opts = { + "${internal_ip}:${service_port}" => $haproxy_listen_bind_param, + } } $bind_opts = merge($internal_bind_opts, $public_bind_opts) |