Configure crl file for HAProxy

This will enable HAProxy to use CRLs for the nodes it's proxying.

bp tls-via-certmonger

Depends-On: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
Change-Id: I2558113bf83674ce22d99364b63c0c5be446bf77

1 files changed, 6 insertions, 0 deletions

diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a71491c0..619cf131 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -50,6 +50,11 @@ parameters:
     type: string
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
+  InternalTLSCRLPEMFile:
+    default: '/etc/pki/CA/crl/overcloud-crl.pem'
+    type: string
+    description: Specifies the default CRL PEM file to use for revocation if
+                 TLS is used for services in the internal network.
 
 resources:
 
@@ -89,6 +94,7 @@ outputs:
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
             tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
+            tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
             tripleo::profile::base::haproxy::certificates_specs:
               map_merge:
                 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]