openstack-ansible/playbooks/roles/haproxy_server/defaults
Jean-Philippe Evrard 422a5b1e0f Adds the ability to provide user certificates to HAProxy
This change brings similar changes as this one targeting horizon:

i.e.:
* The server key/certificate (and optionally a CA cert) are
  distributed to all haproxy containers.

* Two new variables have been implemented for a user-provided
  server key and certificate:
  - haproxy_user_ssl_cert: <path to cert on deployment host>
  - haproxy_user_ssl_key: <path to cert on deployment host>
  If either of these is not defined, then the missing cert/key
  will be self generated on each container. No distribution
  of the self generated certificates accross all the hosts
  is planned.

* A new variable has been implemented for a user-provided CA
  certificate:
  - haproxy_user_ssl_ca_cert: <path to cert on deployment host>

* The 'haproxy_cert_regen' variable has been renamed
  to 'haproxy_ssl_self_signed_regen' to have the same
  naming convention as horizon.

* A change of certificates, whether user dropped
  or role generated, triggers pem generation and server restart

DocImpact
Closes-Bug: #1487380

Change-Id: I0c88d197d8ede820ac4e0388e67a2da06b003c2b
2015-09-03 18:37:00 +00:00
..
main.yml Adds the ability to provide user certificates to HAProxy 2015-09-03 18:37:00 +00:00