From 033e1f360025c9409d7e840b48a64c8814c3a1bd Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 25 Jan 2017 18:22:16 +0200
Subject: Use TLS proxy for neutron server's internal TLS

This uses the tls_proxy resource added in a previous commit [1] in
front of the neutron server when internal TLS is enabled. Right
now values are passed quite manually, but a subsequent commit will use
t-h-t to pass the appropriate hieradata, and then we'll be able to
clean it up from here.

Note that the proxy is only deployed when internal TLS is enabled.

[1] I82243fd3acfe4f23aab373116b78e1daf9d08467

bp tls-via-certmonger

Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
---
 manifests/haproxy.pp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'manifests/haproxy.pp')

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index c399a96..b6519a2 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -863,6 +863,7 @@ class tripleo::haproxy (
       },
       public_ssl_port   => $ports[neutron_api_ssl_port],
       service_network   => $neutron_network,
+      member_options    => union($haproxy_member_options, $internal_tls_member_options),
     }
   }
 
-- 
cgit 1.2.3-korg