Krzysztof Klimonda b0ecd8b67c Implement TLS encryption for internal endpoints
This review is the first one in a series of patches and it introduces an
optional encryption for internal openstack endpoints, implementing part
of the add-ssl-internal-network spec.

Change-Id: I6589751626486279bf24725f22e71da8cd7f0a43
2019-08-22 16:39:21 -07:00

38 lines
1.2 KiB
Django/Jinja

{
"command": "/etc/haproxy/haproxy_run.sh",
"config_files": [
{
"source": "{{ container_config_directory }}/haproxy_run.sh",
"dest": "/etc/haproxy/haproxy_run.sh",
"owner": "root",
"perm": "0700"
},
{
"source": "{{ container_config_directory }}/haproxy.cfg",
"dest": "/etc/haproxy/haproxy.cfg",
"owner": "root",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/services.d/",
"dest": "/etc/haproxy/services.d",
"owner": "root",
"perm": "0700"
},
{
"source": "{{ container_config_directory }}/haproxy.pem",
"dest": "/etc/haproxy/haproxy.pem",
"owner": "root",
"perm": "0600",
"optional": {{ (not kolla_enable_tls_external | bool) | string | lower }}
},
{
"source": "{{ container_config_directory }}/haproxy-internal.pem",
"dest": "/etc/haproxy/haproxy-internal.pem",
"owner": "root",
"perm": "0600",
"optional": {{ (not kolla_enable_tls_internal | bool) | string | lower }}
}
]
}