36640a8f43
This change adds support for SSL to the haproxy role. When enabled, this implements/upgrades haproxy to v1.5.x from a PPA. * A new boolean variable called 'haproxy_ssl' enables/disables the configuration of SSL for the haproxy service. * A new variable called 'haproxy_ssl_self_signed_subject' has been implemented to allow the user to override the certificate properties, such as the CN and subjectAltName. * A new variable called 'haproxy_cert_regen' has been implemented to allow the user to regenerate the self-signed certificate used for the SSL endpoint. * SSL will only be enabled for a load balanced service if haproxy_ssl is true in the service vars. This has only been implemented for the Keystone service endpoints in this patch. * The keystone admin service endpoint will only have SSL enabled if keystone_service_adminuri_proto == 'https'. * The keystone internal/public service endpoint will only have SSL enabled if keystone_service_publicuri_proto == 'https'. Implements: blueprint keystone-federation Change-Id: I069f1a0f928feb754816b7d450929fb62df66244 |
||
|---|---|---|
| .. | ||
| haproxy_config.yml | ||