From e51e79692032d2cf8c6092e86c5a28a0e7f1832d Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Thu, 29 Jun 2017 15:03:11 +0300
Subject: Enable TLS for the HAProxy stats interface

This creates a new class for the stats interface and furtherly
configures it to also use the certificates that are provided by
certmonger (via the internal_certificates_specs variable).

Note that the already existing haproxy_stats_certificate still works and
will take precedence if it's set.

bp tls-via-certmonger

Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
---
 releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml

(limited to 'releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml')

diff --git a/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
new file mode 100644
index 0000000..2f981a1
--- /dev/null
+++ b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - When TLS everywhere is enabled, the HAProxy stats interface will also use
+    TLS. This requires the user to access the interface through the ctlplane
+    FQDN (which is configured by the CloudNameCtlplane parameter in
+    tripleo-heat-templates). Note that one can still use the
+    haproxy_stats_certificate parameter from the haproxy class, and that one
+    will take precedence if set.
-- 
cgit 1.2.3-korg