openstack/openstack-ansible
Code Issues Proposed changes

Merge "Configure HAProxy SSL frontends with cipher suite"

Browse Source
This commit is contained in:
Jenkins 2015-09-23 20:54:54 +00:00 committed by Gerrit Code Review
commit 798fb26378
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
playbooks/roles/haproxy_server/defaults/main.yml
View File

@ -78,3 +78,4 @@ haproxy_ssl_key: /etc/ssl/private/haproxy.key
haproxy_ssl_pem: /etc/ssl/private/haproxy.pem haproxy_ssl_pem: /etc/ssl/private/haproxy.pem
haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}"

2
playbooks/roles/haproxy_server/templates/service.j2
View File

@ -1,7 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
frontend {{ item.service.haproxy_service_name }}-front frontend {{ item.service.haproxy_service_name }}-front
bind {{ item.service.haproxy_bind|default('*') }}:{{ item.service.haproxy_port }} {% if item.service.haproxy_ssl is defined and item.service.haproxy_ssl | bool %}ssl crt {{ haproxy_ssl_pem }}{% endif %} bind {{ item.service.haproxy_bind|default('*') }}:{{ item.service.haproxy_port }} {% if item.service.haproxy_ssl is defined and item.service.haproxy_ssl | bool %}ssl crt {{ haproxy_ssl_pem }} ciphers {{ haproxy_ssl_cipher_suite }}{% endif %}
{% if item.service.haproxy_balance_type == "http" %} {% if item.service.haproxy_balance_type == "http" %}
option httplog option httplog