path: root/releasenotes
diff options
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-29 15:03:11 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-07-31 13:30:14 +0000
commite51e79692032d2cf8c6092e86c5a28a0e7f1832d (patch)
treef1b8615c5d0cff941a263b8936abfedd0e534080 /releasenotes
parent01ae50352519d80810739c0f9319f74aab2e786d (diff)
Enable TLS for the HAProxy stats interface
This creates a new class for the stats interface and furtherly configures it to also use the certificates that are provided by certmonger (via the internal_certificates_specs variable). Note that the already existing haproxy_stats_certificate still works and will take precedence if it's set. bp tls-via-certmonger Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
Diffstat (limited to 'releasenotes')
1 files changed, 8 insertions, 0 deletions
diff --git a/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
new file mode 100644
index 0000000..2f981a1
--- /dev/null
+++ b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
@@ -0,0 +1,8 @@
+ - When TLS everywhere is enabled, the HAProxy stats interface will also use
+ TLS. This requires the user to access the interface through the ctlplane
+ FQDN (which is configured by the CloudNameCtlplane parameter in
+ tripleo-heat-templates). Note that one can still use the
+ haproxy_stats_certificate parameter from the haproxy class, and that one
+ will take precedence if set.