From 56e56b1511180abbe9c00b989035e7cd7872da1c Mon Sep 17 00:00:00 2001
From: Francesco Pantano <fpantano@redhat.com>
Date: Mon, 15 Jun 2020 13:40:23 +0200
Subject: [PATCH] Make haproxy.pp honor EnableInternalTLS for rgw

haproxy.pp assumes that Ceph rgw instances cannot be SSL
encrypted and generates invalid haproxy configuration files
in setups where EnableInternalTLS is set to true.

This patch makes haproxy.pp honor EnableInternalTLS and
include internal_tls_member_options in the member_options
for Ceph rgw instances.

Change-Id: If59a27b28eb61ab2c1ff84f5047261e8695234d4
Closes-Bug: #1883296
(cherry picked from commit 436bfaa158d8ff48b9e499158f6edd00df22e0a4)
---
 manifests/haproxy.pp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 353aa346c..5d2c27fe9 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1577,6 +1577,7 @@ class tripleo::haproxy (
       public_ssl_port   => $ports[ceph_rgw_ssl_port],
       service_network   => $ceph_rgw_network,
       listen_options    => merge($default_listen_options, { 'option' => [ 'httpchk GET /' ] }),
+      member_options    => union($haproxy_member_options, $internal_tls_member_options),
     }
   }