36640a8f43
This change adds support for SSL to the haproxy role. When enabled, this implements/upgrades haproxy to v1.5.x from a PPA. * A new boolean variable called 'haproxy_ssl' enables/disables the configuration of SSL for the haproxy service. * A new variable called 'haproxy_ssl_self_signed_subject' has been implemented to allow the user to override the certificate properties, such as the CN and subjectAltName. * A new variable called 'haproxy_cert_regen' has been implemented to allow the user to regenerate the self-signed certificate used for the SSL endpoint. * SSL will only be enabled for a load balanced service if haproxy_ssl is true in the service vars. This has only been implemented for the Keystone service endpoints in this patch. * The keystone admin service endpoint will only have SSL enabled if keystone_service_adminuri_proto == 'https'. * The keystone internal/public service endpoint will only have SSL enabled if keystone_service_publicuri_proto == 'https'. Implements: blueprint keystone-federation Change-Id: I069f1a0f928feb754816b7d450929fb62df66244
27 lines
818 B
YAML
27 lines
818 B
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Drop base haproxy config
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/haproxy/{{ item }}"
|
|
with_items:
|
|
- haproxy.cfg
|
|
notify: Restart haproxy
|
|
tags:
|
|
- haproxy-base-config
|
|
|
|
- include: haproxy_service_config.yml
|