diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-07 10:29:40 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-10-05 18:38:31 +0300 |
commit | d7b449943ad17b3fbbd9d23c71699b2aacccb70b (patch) | |
tree | 0562c35e12119432b5f297f2b545df01e82975b9 /manifests/profile/base | |
parent | 87a5491525e411830b086ab37c9d8de224c33330 (diff) |
Fetch internal certificates for HAProxy based on network
The service profile in HAProxy has the capability of creating
certificates based on a map. The idea is to standardize this, as
some of those certificates should match certain networks the services
are listening on (with the exception of the external network which is
handled differently and the tenant network which doesn't need a
certificate). So, based on which network a certain service is
listening on, we fetch the appropriate certificate.
bp tls-via-certmonger
Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
Diffstat (limited to 'manifests/profile/base')
-rw-r--r-- | manifests/profile/base/haproxy.pp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index e018f36..afeb8c0 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -84,7 +84,9 @@ class tripleo::profile::base::haproxy ( Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } - include ::tripleo::haproxy + class {'::tripleo::haproxy': + internal_certificates_specs => $certificates_specs, + } unless hiera('tripleo::haproxy::haproxy_service_manage', true) { # Reload HAProxy configuration if the haproxy class has refreshed or any |