d1b436658a
Certbot-auto was removed from haproxy_server role in [1]. Therefore we need to update docs and tests accordingly. [1] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/881578 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/881578 Change-Id: I9294a05835e9020643ebd305bbbcc2c709928e6a
13 lines
431 B
Django/Jinja
13 lines
431 B
Django/Jinja
# Use the locally deployed Step-CA ACME server to configure the
|
|
# certificate for the haproxy external VIP
|
|
|
|
# SSL setup
|
|
haproxy_ssl: true
|
|
haproxy_ssl_letsencrypt_enable: True
|
|
haproxy_ssl_letsencrypt_certbot_server: "https://127.0.0.1:8889/acme/acme-osa/directory"
|
|
|
|
# openstack_hosts role should ensure that everthing trusts the Step-CA roots
|
|
openstack_host_ca_certificates:
|
|
- name: StepCARoot.crt
|
|
src: /opt/step_ca_roots.pem
|