From 7050852e22eedcb9525beeee83f965c914641e26 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 19 Oct 2016 10:30:18 +0300
Subject: Enable TLS in the internal network for Nova API

This optionally enables TLS for Nova API in the internal network.
If internal TLS is enabled, each node that is serving the Nova API
service will use certmonger to request its certificate.

Note that this doesn't enable internal TLS for the nova metadata
service since it doesn't run over httpd. This will be handled in
a later commit.

bp tls-via-certmonger

Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
---
 manifests/haproxy.pp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'manifests/haproxy.pp')

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 5f563ba..0e47663 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -867,6 +867,7 @@ class tripleo::haproxy (
       },
       public_ssl_port   => $ports[nova_api_ssl_port],
       service_network   => $nova_osapi_network,
+      member_options    => union($haproxy_member_options, $internal_tls_member_options),
     }
   }
 
-- 
cgit 1.2.3-korg