From 6c783b74fce88d23e2701bc61bdf71f1bb204a7c Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 26 Nov 2019 17:52:13 +0000
Subject: [PATCH] Add internal TLS variables to globals.yml

Change-Id: I283ccee11e360020c3e537b2f55a6be02cbdb2dd
Related: blueprint add-ssl-internal-network
---
 etc/kolla/globals.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 6315cfbf85..d5577276a9 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -172,8 +172,12 @@
 # To provide encryption and authentication on the kolla_external_vip_interface,
 # TLS can be enabled.  When TLS is enabled, certificates must be provided to
 # allow clients to perform authentication.
-#kolla_enable_tls_external: "no"
+#kolla_enable_tls_internal: "no"
+#kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
 #kolla_external_fqdn_cert: "{{ node_config }}/certificates/haproxy.pem"
+#kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
+#kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
+#kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
 
 ################
 # Region options