From 4a76c03653c6dfe8170017ac7dafd3419b2c7f52 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Fri, 6 Apr 2018 10:30:32 +0100
Subject: xci: kubespray: Generate and use SSL certificate for HAProxy

In the OpenStack-Ansible installers we are using the XCI ssl
certificates for the endpoints but in kubespray we are generating them
on the fly. In order to keep both setups as close as possible, we can
use the XCI certificates in kubespray as well.

Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4
Signed-off-by: Markos Chandras <mchandras@suse.de>
---
 xci/installer/kubespray/playbooks/configure-targethosts.yml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'xci/installer/kubespray/playbooks/configure-targethosts.yml')

diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
index 4efe82fd..dd7024fb 100644
--- a/xci/installer/kubespray/playbooks/configure-targethosts.yml
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
@@ -23,4 +23,6 @@
       when:  xci_flavor == 'ha'
     - role: "haproxy_server"
       haproxy_service_configs: "{{ haproxy_default_services}}"
+      haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+      haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
       when:  xci_flavor == 'ha'
-- 
cgit 1.2.3-korg