summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-07 10:29:40 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-10-05 18:38:31 +0300
commitd7b449943ad17b3fbbd9d23c71699b2aacccb70b (patch)
tree0562c35e12119432b5f297f2b545df01e82975b9 /manifests/profile/base
parent87a5491525e411830b086ab37c9d8de224c33330 (diff)
Fetch internal certificates for HAProxy based on network
The service profile in HAProxy has the capability of creating certificates based on a map. The idea is to standardize this, as some of those certificates should match certain networks the services are listening on (with the exception of the external network which is handled differently and the tenant network which doesn't need a certificate). So, based on which network a certain service is listening on, we fetch the appropriate certificate. bp tls-via-certmonger Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/haproxy.pp4
1 files changed, 3 insertions, 1 deletions
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index e018f36..afeb8c0 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -84,7 +84,9 @@ class tripleo::profile::base::haproxy (
Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
}
- include ::tripleo::haproxy
+ class {'::tripleo::haproxy':
+ internal_certificates_specs => $certificates_specs,
+ }
unless hiera('tripleo::haproxy::haproxy_service_manage', true) {
# Reload HAProxy configuration if the haproxy class has refreshed or any