Merge "Internal TLS: Use specific CA file for haproxy"

author: Jenkins <jenkins@review.openstack.org> 2017-05-03 15:28:03 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-05-03 15:28:04 +0000
commit: 6b80b35736378002df05c13bd78ddc12e35ab209 (patch)
tree: c167e2775b428b273aeb67cf1ca39b23dbe2a1fd /puppet/services
parent: 9697f70dcbbb30882bf8cb90f9dd0bcfc35f087f (diff)
parent: 82ff1acf035d277dd2e7b9d7fc6e060ab2415144 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index c651bbe5..e32b44dd 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -37,6 +37,11 @@ parameters:
   MonitoringSubscriptionHaproxy:
     default: 'overcloud-haproxy'
     type: string
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 resources:
 
@@ -71,6 +76,7 @@ outputs:
             tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
+            tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
             tripleo::profile::base::haproxy::certificates_specs:
               map_merge:
                 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
author	Jenkins <jenkins@review.openstack.org>	2017-05-03 15:28:03 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-05-03 15:28:04 +0000
commit	6b80b35736378002df05c13bd78ddc12e35ab209 (patch)
tree	c167e2775b428b273aeb67cf1ca39b23dbe2a1fd /puppet/services
parent	9697f70dcbbb30882bf8cb90f9dd0bcfc35f087f (diff)
parent	82ff1acf035d277dd2e7b9d7fc6e060ab2415144 (diff)