Merge "Internal TLS: Use specific CA file for haproxy"
This commit is contained in:
commit
6b80b35736
@ -37,6 +37,11 @@ parameters:
|
||||
MonitoringSubscriptionHaproxy:
|
||||
default: 'overcloud-haproxy'
|
||||
type: string
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
|
||||
resources:
|
||||
|
||||
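Review bot: The description of InternalTLSCAFile does not say that the value is a filesystem path on the deployed node, and the default '/etc/ipa/ca.crt' only exists on hosts enrolled in FreeIPA. Please state in the description that this is a path to a PEM CA file that must already be present on the node, and that deployments using a different CA have to override it. Since the parameter is a bare `type: string`, an empty or relative value would be passed through unchecked; a constraint or at least a documented expectation of an absolute path would help.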
@ -71,6 +76,7 @@ outputs:
|
||||
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
||||
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
||||
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
||||
tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
|
||||
tripleo::profile::base::haproxy::certificates_specs:
|
||||
map_merge:
|
||||
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
||||
|
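Review bot: The new `tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}` entry has no visible condition around it, so it looks as if it is set in every deployment, while the release note says the parameter applies only when internal TLS is enabled. Please confirm that haproxy ignores ca_bundle when internal TLS is off, or guard the setting, because otherwise this overrides whatever default tripleo::haproxy had with a path that may not exist on the node. The hiera key is also named ca_bundle while the parameter is described as a single CA cert, so it is worth noting whether a bundle of several CAs is acceptable here.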
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- Adds the InternalTLSCAFile parameter, which defines which CA file should be
|
||||
used by the internal services to verify that the peer's certificate is
|
||||
trusted. This is applicable if internal TLS is enabled. Currently, it
|
||||
defaults to using the CA file for FreeIPA, which is the default CA.
|
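Review bot: The release note says the CA file is "used by the internal services", but the only consumer wired up in this change is `tripleo::haproxy::ca_bundle`, so the note overstates the scope as it stands. I would name haproxy explicitly and mention that the value is a path on the node and that operators not using FreeIPA must override the default. "Currently, it defaults to" could simply read "It defaults to /etc/ipa/ca.crt" so the actual value is visible in the note.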