openstack-ansible-haproxy_server

openstack/openstack-ansible-haproxy_server

History

Dmitriy Rabotyagov 65e53499f5 Use haproxy_vip_binds stanza for Let's Encrypt Currently Let's Encrypt is using `haproxy_bind_external_lb_vip_address` to identify naming of resulting certificate which might not match with expectations, as all other parts of code already do use `haproxy_vip_binds` for calculating resulting TLS path. This patch introduces `type` key for `haproxy_vip_binds` which is used to identify for which frontends Let's Encrypt certificate should be used as in most scenarios it's not gonna be issued for "internal" VIPs anyway due to dns-01 requirement. Also moving to single "source of truth" for VIP bindings allows to override and have control over this behaviour. Change-Id: Id07d9a0ea270d613b37b6adfa373d01a47f7421f	2024-11-10 18:23:43 +01:00
..
main.yml	Use haproxy_vip_binds stanza for Let's Encrypt	2024-11-10 18:23:43 +01:00

Dmitriy Rabotyagov 65e53499f5 Use haproxy_vip_binds stanza for Let's Encrypt

Currently Let's Encrypt is using `haproxy_bind_external_lb_vip_address`
to identify naming of resulting certificate which might not match with
expectations, as all other parts of code already do use
`haproxy_vip_binds`
for calculating resulting TLS path.

This patch introduces `type` key for `haproxy_vip_binds` which is used
to identify for which frontends Let's Encrypt certificate should be used
as in most scenarios it's not gonna be issued for "internal" VIPs anyway
due to dns-01 requirement.

Also moving to single "source of truth" for VIP bindings allows to
override and have control over this behaviour.

Change-Id: Id07d9a0ea270d613b37b6adfa373d01a47f7421f

2024-11-10 18:23:43 +01:00

main.yml

Use haproxy_vip_binds stanza for Let's Encrypt

2024-11-10 18:23:43 +01:00