openstack-ansible/tests/roles/bootstrap-host/templates/user_variables_tls.yml.j2

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# UPGRADE_TARGET_BRANCH variable is defined only during upgrade scenario
# when source version is being deployed.
{% if lookup('env', 'UPGRADE_TARGET_BRANCH') == '' %}
# Make sure that TLS is fully enabled on target release.
openstack_service_publicuri_proto: https
openstack_service_adminuri_proto: https
openstack_service_internaluri_proto: https
galera_require_secure_transport: True
haproxy_ssl: True
haproxy_ssl_all_vips: True
rabbitmq_management_ssl: True
openstack_service_backend_ssl: True
openstack_service_accept_both_protocols: True
# Keep keystone proto set to 'http'. This way we can ensure that
# `openstack_service_accept_both_protocols` works as expected.
keystone_service_publicuri_proto: http
keystone_service_adminuri_proto: http
keystone_service_internaluri_proto: http
{% else %}
# Make sure that source release has TLS fully disabled.
openstack_service_publicuri_proto: http
openstack_service_adminuri_proto: http
openstack_service_internaluri_proto: http
haproxy_ssl: False
haproxy_ssl_all_vips: False
rabbitmq_management_ssl: False
openstack_service_backend_ssl: False
openstack_service_accept_both_protocols: False
{% endif %}