openstack/puppet-tripleo
Code Issues Proposed changes
5897851335
puppet-tripleo/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml
Juan Antonio Osorio Robles e51e796920 Enable TLS for the HAProxy stats interface 
This creates a new class for the stats interface and furtherly
configures it to also use the certificates that are provided by
certmonger (via the internal_certificates_specs variable).

Note that the already existing haproxy_stats_certificate still works and
will take precedence if it's set.

bp tls-via-certmonger

Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
2017-07-31 13:30:14 +00:00

9 lines
408 B
YAML
Raw Blame History

---
features:
- When TLS everywhere is enabled, the HAProxy stats interface will also use
TLS. This requires the user to access the interface through the ctlplane
FQDN (which is configured by the CloudNameCtlplane parameter in
tripleo-heat-templates). Note that one can still use the
haproxy_stats_certificate parameter from the haproxy class, and that one
will take precedence if set.
View Git Blame Copy Permalink