openstack-ansible/haproxy_pin.pref.j2 at bcb291774e3fd3958ec07cc5d4c82a1ed5f06978 - openstack-ansible - OpenDev: Free Software Needs Free Tools

openstack/openstack-ansible

Miguel Grinberg 36640a8f43 SSL support for haproxy

This change adds support for SSL to the haproxy role. When
enabled, this implements/upgrades haproxy to v1.5.x from a PPA.

* A new boolean variable called 'haproxy_ssl' enables/disables
  the configuration of SSL for the haproxy service.

* A new variable called 'haproxy_ssl_self_signed_subject' has
  been implemented to allow the user to override the certificate
  properties, such as the CN and subjectAltName.

* A new variable called 'haproxy_cert_regen' has been
  implemented to allow the user to regenerate the self-signed
  certificate used for the SSL endpoint.

* SSL will only be enabled for a load balanced service if
  haproxy_ssl is true in the service vars. This has only been
  implemented for the Keystone service endpoints in this patch.

* The keystone admin service endpoint will only have SSL enabled
  if keystone_service_adminuri_proto == 'https'.

* The keystone internal/public service endpoint will only have
  SSL enabled if keystone_service_publicuri_proto == 'https'.

Implements: blueprint keystone-federation
Change-Id: I069f1a0f928feb754816b7d450929fb62df66244

2015-07-13 16:05:40 +00:00

6 lines

97 B

Django/Jinja

Raw Blame History

 # {{ ansible_managed }}
 Package: *
 Pin: release o=LP-PPA-vbernat-haproxy-1.5
 Pin-Priority: 1001