diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-02 10:34:02 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-08-14 15:06:14 +0000 |
commit | 1b119110c052805eaf30be26df5fb30809eb49e0 (patch) | |
tree | c6667c83b0a6654239730d59deb9316fded7ddb5 /environments | |
parent | 5144634d9bc3afd79ff934b9e913f6b9689e374b (diff) |
Enable TLS for containerized haproxy
This bind mounts the certificates if TLS is enabled in the internal
network. It also disables the CRL usage since we can't restart haproxy
at the rate that the CRL is updated. This will be addressed later and
is a known limitation of using containerized haproxy (there's the same
issue in the HA scenario). To address the different UID that the certs
and keys will have, I added an extra step that changes the ownership
of these files; though this only gets included if TLS in the internal
network is enabled.
bp tls-via-certmonger-containers
Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
Diffstat (limited to 'environments')
-rw-r--r-- | environments/docker-services-tls-everywhere.yaml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 49d02e6f..e227366c 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -41,3 +41,4 @@ resource_registry: OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml |