HAProxy: Mount the CA certificate if TLS everywhere is enabled
In non-pacemaker containerized setups, the CA certificate wasn't mounted on HAProxy. It's needed. Change-Id: If289ad457465a674a232ec6207f69f201ba78251
This commit is contained in:
Juan Antonio Osorio Robles
parent
4e52204ee8
commit
3de6bc039c
|
|
@ -198,16 +198,17 @@ outputs:
|
|||
- - {get_param: DeployedSSLCertificatePath}
|
||||
- {get_param: DeployedSSLCertificatePath}
|
||||
- 'ro'
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro
|
||||
- ''
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro
|
||||
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro
|
||||
- ''
|
||||
- list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- null
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
|
|
|
|||
Loading…
Reference in New Issue