James Kirsch 5581a28253 Add support for LetsEncrypt-managed certs
Add support for automatic provisioning and renewal of HTTPS
certificates via LetsEncrypt.

Spec is available at:
https://etherpad.opendev.org/p/kolla-ansible-letsencrypt-https

Depends-On: https://review.opendev.org/c/openstack/kolla/+/887347
Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io>
Implements: blueprint letsencrypt-https
Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106
2023-11-07 10:59:51 +01:00


{#
  HAProxy container config manifest: a Jinja template that renders to JSON.
  "command" points at the start script installed by the first "config_files"
  entry. Each entry maps a file under container_config_directory to a
  destination path with an owner and a permission mode.
  NOTE(review): presumably read by the Kolla config loader at container
  start; confirm against the consumer.
  Use Jinja comments only in this file: the rendered output must stay strict
  JSON, which has no comment syntax.
#}
{
"command": "/etc/haproxy/haproxy_run.sh",
"config_files": [
{# Start script: root-owned and 0700, so only root can read, modify or run it. #}
{
"source": "{{ container_config_directory }}/haproxy_run.sh",
"dest": "/etc/haproxy/haproxy_run.sh",
"owner": "root",
"perm": "0600"
},
{# Main HAProxy configuration: root-owned, 0600. #}
{
"source": "{{ container_config_directory }}/haproxy.cfg",
"dest": "/etc/haproxy/haproxy.cfg",
"owner": "root",
"perm": "0600"
},
{# Per-service configuration directory: root-owned, 0700. #}
{
"source": "{{ container_config_directory }}/services.d/",
"dest": "/etc/haproxy/services.d",
"owner": "root",
"perm": "0700"
}{% if kolla_enable_tls_external | bool and not enable_letsencrypt | bool %},
{#
  Static external TLS material. These entries are emitted only when external
  TLS is enabled and LetsEncrypt is not; with enable_letsencrypt set, no
  static PEM is listed here.
  The separating comma sits inside the conditional so the rendered array
  never carries a dangling comma when the block is skipped.
  NOTE(review): external-frontend-map is also behind this guard, so it is not
  listed when haproxy_single_external_frontend is set but external TLS is off
  or LetsEncrypt is on. Confirm that this is intended.
#}
{
"source": "{{ container_config_directory }}/external-frontend-map",
"dest": "/etc/haproxy/external-frontend-map",
"owner": "root",
"perm": "0600",
"optional": {{ (not haproxy_single_external_frontend | bool) | string | lower }}
},
{#
  External certificate bundle: owned by haproxy, 0600.
  NOTE(review): an HAProxy PEM bundle normally holds the private key next to
  the certificate, so the mode should not be loosened. Confirm the contents.
  "optional" always renders false here because the enclosing guard already
  requires kolla_enable_tls_external. A missing haproxy.pem is therefore
  presumably a hard error rather than a silent skip; verify against the consumer.
#}
{
"source": "{{ container_config_directory }}/haproxy.pem",
"dest": "/etc/haproxy/certificates/haproxy.pem",
"owner": "haproxy",
"perm": "0600",
"optional": {{ (not kolla_enable_tls_external | bool) | string | lower }}
}{% endif %}
{% if kolla_enable_tls_internal | bool and not enable_letsencrypt | bool %},
{#
  Internal certificate bundle: the same ownership and mode as the external
  one, and the same guard shape (internal TLS on, LetsEncrypt off).
  "optional" always renders false inside this guard for the same reason.
#}
{
"source": "{{ container_config_directory }}/haproxy-internal.pem",
"dest": "/etc/haproxy/certificates/haproxy-internal.pem",
"owner": "haproxy",
"perm": "0600",
"optional": {{ (not kolla_enable_tls_internal | bool) | string | lower }}
}
{% endif %}
]
}