From 1b119110c052805eaf30be26df5fb30809eb49e0 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 2 Aug 2017 10:34:02 +0300 Subject: Enable TLS for containerized haproxy This bind mounts the certificates if TLS is enabled in the internal network. It also disables the CRL usage since we can't restart haproxy at the rate that the CRL is updated. This will be addressed later and is a known limitation of using containerized haproxy (there's the same issue in the HA scenario). To address the different UID that the certs and keys will have, I added an extra step that changes the ownership of these files; though this only gets included if TLS in the internal network is enabled. bp tls-via-certmonger-containers Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a --- environments/docker-services-tls-everywhere.yaml | 1 + 1 file changed, 1 insertion(+) (limited to 'environments') diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 49d02e6f..e227366c 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -41,3 +41,4 @@ resource_registry: OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml -- cgit 1.2.3-korg