Michal Arbet 3f55994bb7 Fix TLS settings when letsencrypt turned on
- Introduced `letsencrypt_managed_certs`
  variable to handle whether letsencrypt
  will generate internal, external or both
  certificates.
- Updated certificate generation logic to use
  `letsencrypt_managed_certs` conditionally,
  replacing the previous `enable_letsencrypt` boolean.
- Adjusted tasks and templates to support
  internal/external certificate management based
  on the new variable.
- Enhanced Let's Encrypt script (`letsencrypt-lego-run.sh.j2`)
  to handle both internal and external certificates depending
  on VIP configurations.
- Refined HAProxy configuration templates to correctly map
  certificates based on TLS settings and new management logic.

Closes-bug: #2076331

Change-Id: Id80c7823fcc5d934b7369c7c0722cd78188e2ccf
Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io>
2024-11-25 20:07:01 +01:00

46 lines
1.9 KiB
Django/Jinja

{
    "command": "/etc/haproxy/haproxy_run.sh",
    "config_files": [
        {
            "source": "{{ container_config_directory }}/haproxy_run.sh",
            "dest": "/etc/haproxy/haproxy_run.sh",
            "owner": "root",
            "perm": "0700"
        },
        {
            "source": "{{ container_config_directory }}/haproxy.cfg",
            "dest": "/etc/haproxy/haproxy.cfg",
            "owner": "root",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/services.d/",
            "dest": "/etc/haproxy/services.d",
            "owner": "root",
            "perm": "0700"
        }{% if kolla_enable_tls_external | bool %},
        {
            "source": "{{ container_config_directory }}/external-frontend-map",
            "dest": "/etc/haproxy/external-frontend-map",
            "owner": "root",
            "perm": "0600",
            "optional": {{ (not haproxy_single_external_frontend | bool) | string | lower }}
        }{% endif %}{% if (kolla_enable_tls_external | bool and letsencrypt_managed_certs == 'internal') or letsencrypt_managed_certs == '' %},
        {
            "source": "{{ container_config_directory }}/haproxy.pem",
            "dest": "/etc/haproxy/certificates/haproxy.pem",
            "owner": "haproxy",
            "perm": "0600",
            "optional": {{ (not kolla_enable_tls_external | bool) | string | lower }}
        }{% endif %}{% if (kolla_enable_tls_internal | bool and letsencrypt_managed_certs == 'external') or letsencrypt_managed_certs == '' %},
        {
            "source": "{{ container_config_directory }}/haproxy-internal.pem",
            "dest": "/etc/haproxy/certificates/haproxy-internal.pem",
            "owner": "haproxy",
            "perm": "0600",
            "optional": {{ (not kolla_enable_tls_internal | bool) | string | lower }}
        }
        {% endif %}
    ]
}
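
An added example (not part of the kolla-ansible commit) that models the two certificate conditions of the template above in Python, whose `and`/`or` precedence matches Jinja's, and tabulates which static PEM entries are emitted for each `letsencrypt_managed_certs` value. `to_bool` is a simplified stand-in for Ansible's `bool` filter; the function names, the sample flag strings and the `"both"` value (taken from the commit message's wording) are assumptions, and `coerce=False` shows what a string flag such as `"no"` does when it is not passed through `| bool`.

```python
# Added example: truth table for the haproxy.pem / haproxy-internal.pem entries.
# Sample flag values ("yes"/"no") are constructed inputs, not project defaults.

def to_bool(value):
    """Simplified stand-in for Ansible's `bool` filter (assumption)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("yes", "on", "1", "true")


def cert_entries(tls_external, tls_internal, managed_certs, coerce=True):
    """Return {pem file: value of "optional"} for the entries the template emits.

    `and` binds tighter than `or`, so each condition groups as
    (tls_flag and managed == X) or managed == ''.
    With coerce=False the flag is tested by plain truthiness, as Jinja does
    when `| bool` is absent: any non-empty string, including "no", is true.
    """
    flag = to_bool if coerce else bool
    entries = {}
    if (flag(tls_external) and managed_certs == "internal") or managed_certs == "":
        entries["haproxy.pem"] = not to_bool(tls_external)
    if (flag(tls_internal) and managed_certs == "external") or managed_certs == "":
        entries["haproxy-internal.pem"] = not to_bool(tls_internal)
    return entries


def matrix():
    """Every combination of managed-certs value and the two TLS flags."""
    rows = []
    for managed in ("", "internal", "external", "both"):
        for ext in ("yes", "no"):
            for inte in ("yes", "no"):
                rows.append((managed, ext, inte, cert_entries(ext, inte, managed)))
    return rows


if __name__ == "__main__":
    for managed, ext, inte, entries in matrix():
        print(f"managed={managed!r:10} ext={ext:3} int={inte:3} -> {entries}")
    # Uncoerced string flag: the entry appears even though external TLS is "no".
    print(cert_entries("no", "yes", "internal", coerce=False))
```

An empty `letsencrypt_managed_certs` always lists both PEM files, with `optional` carrying the TLS flags, while a value matching neither `'internal'` nor `'external'` lists no static certificate at all.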