If a directory is defined instead of certificate files, haproxy will attempt to treat all files within it as PEM bundled certs, and will fail its configuration test. To avoid this, we can put the certificates generated by pki into a temporary directory and then put only the valid bundle file into haproxy_ssl_cert_path.

Such an approach allows us to put additional certificates into the directory outside of the haproxy_server role and keep the directory clean. This also eliminates the need to list all additional custom certificates and the ones calculated by the role.

Additionally, added a cleanup/move of the certs if haproxy_ssl_temp_path is set to be different from haproxy_ssl_cert_path, which allows a transition from the old setup.

Change-Id: I3662195cb2248d8841e1525d5e6d86f84ca876d3