Enable TLS for the HAProxy stats interface

This creates a new class for the stats interface and furtherly configures it to also use the certificates that are provided by certmonger (via the internal_certificates_specs variable). Note that the already existing haproxy_stats_certificate still works and will take precedence if it's set. bp tls-via-certmonger Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-06-29 15:03:11 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-07-31 13:30:14 +0000
commit: e51e79692032d2cf8c6092e86c5a28a0e7f1832d (patch)
tree: f1b8615c5d0cff941a263b8936abfedd0e534080 /releasenotes
parent: 01ae50352519d80810739c0f9319f74aab2e786d (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
new file mode 100644
index 0000000..2f981a1
--- /dev/null
+++ b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - When TLS everywhere is enabled, the HAProxy stats interface will also use
+    TLS. This requires the user to access the interface through the ctlplane
+    FQDN (which is configured by the CloudNameCtlplane parameter in
+    tripleo-heat-templates). Note that one can still use the
+    haproxy_stats_certificate parameter from the haproxy class, and that one
+    will take precedence if set.
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-06-29 15:03:11 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-07-31 13:30:14 +0000
commit	e51e79692032d2cf8c6092e86c5a28a0e7f1832d (patch)
tree	f1b8615c5d0cff941a263b8936abfedd0e534080 /releasenotes
parent	01ae50352519d80810739c0f9319f74aab2e786d (diff)