From d7b449943ad17b3fbbd9d23c71699b2aacccb70b Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 7 Sep 2016 10:29:40 +0300
Subject: Fetch internal certificates for HAProxy based on network

The service profile in HAProxy has the capability of creating
certificates based on a map. The idea is to standardize this, as
some of those certificates should match certain networks the services
are listening on (with the exception of the external network which is
handled differently and the tenant network which doesn't need a
certificate). So, based on which network a certain service is
listening on, we fetch the appropriate certificate.

bp tls-via-certmonger

Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
---
 manifests/profile/base/haproxy.pp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'manifests/profile/base/haproxy.pp')

diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index e018f36..afeb8c0 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -84,7 +84,9 @@ class tripleo::profile::base::haproxy (
         Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
       }
 
-      include ::tripleo::haproxy
+      class {'::tripleo::haproxy':
+        internal_certificates_specs => $certificates_specs,
+      }
 
       unless hiera('tripleo::haproxy::haproxy_service_manage', true) {
         # Reload HAProxy configuration if the haproxy class has refreshed or any
-- 
cgit 1.2.3-korg