openstack/openstack-ansible
Code Issues Proposed changes
5e37cdf534
openstack-ansible/playbooks/defaults/source_install.yml
Damian Dabrowski f600f995e4 Enable TLS frontend for repo_server by default 
We aim to secure traffic from haproxy to repo backends with TLS[1].
But there is no point in doing that unless the traffic to haproxy
frontend is encrypted.

This patch enables TLS on repo frontend when `haproxy_ssl_all_vips` is
enabled.

[1] https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/876429

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/877429
Change-Id: I9f0f40977b13a150e30f000dee8d7309bbffe74f
2023-04-07 20:26:49 +00:00

39 lines
1.9 KiB
YAML
Raw Blame History

---
# Copyright 2018, SUSE LINUX GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cinder_bin: "/openstack/venvs/cinder-{{ venv_tag }}/bin"
keystone_bin: "/openstack/venvs/keystone-{{ venv_tag }}/bin"
nova_bin: "/openstack/venvs/nova-{{ venv_tag }}/bin"
neutron_bin: "/openstack/venvs/neutron-{{ venv_tag }}/bin"
# URL for the frozen internal openstack repo.
repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}"
## OpenStack source options
openstack_repo_protocol: "{{ openstack_service_internaluri_proto }}"
openstack_repo_url: "{{ openstack_repo_protocol }}://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
## Delegate all service setup tasks to the utility host, and use the utility venv python interpreter
openstack_service_setup_host: "{{ groups['utility_all'][0] }}"
openstack_service_setup_host_python_interpreter: "/openstack/venvs/utility-{{ openstack_release }}/bin/python"
## Delegate all database setup tasks to the utility host, and use the utility venv python interpreter
openstack_db_setup_host: "{{ openstack_service_setup_host }}"
openstack_db_setup_python_interpreter: "{{ openstack_service_setup_host_python_interpreter }}"
# Locally cached copy on the repo server for the OpenStack upper-constraints.txt
requirements_git_url: "{{ openstack_repo_url }}/constraints/upper_constraints_cached.txt"
View Git Blame Copy Permalink