This change brings similar changes as this one targeting horizon:
i.e.:
* The server key/certificate (and optionally a CA cert) are
distributed to all haproxy containers.
* Two new variables have been implemented for a user-provided
server key and certificate:
- haproxy_user_ssl_cert: <path to cert on deployment host>
- haproxy_user_ssl_key: <path to cert on deployment host>
If either of these is not defined, then the missing cert/key
will be self generated on each container. No distribution
of the self generated certificates accross all the hosts
is planned.
* A new variable has been implemented for a user-provided CA
certificate:
- haproxy_user_ssl_ca_cert: <path to cert on deployment host>
* The 'haproxy_cert_regen' variable has been renamed
to 'haproxy_ssl_self_signed_regen' to have the same
naming convention as horizon.
* A change of certificates, whether user dropped
or role generated, triggers pem generation and server restart
DocImpact
Closes-Bug: #1487380
Change-Id: I0c88d197d8ede820ac4e0388e67a2da06b003c2b
422a5b1e0f