3f55994bb7
- Introduced `letsencrypt_managed_certs` variable to handle whether letsencrypt will generate internal, external or both certificates. - Updated certificate generation logic to use `letsencrypt_managed_certs` conditionally, replacing the previous `enable_letsencrypt` boolean. - Adjusted tasks and templates to support internal/external certificate management based on the new variable. - Enhanced Let's Encrypt script (`letsencrypt-lego-run.sh.j2`) to handle both internal and external certificates depending on VIP configurations. - Refined HAProxy configuration templates to correctly map certificates based on TLS settings and new management logic. Closes-bug: #2076331 Change-Id: Id80c7823fcc5d934b7369c7c0722cd78188e2ccf Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io>
22 lines
793 B
YAML
22 lines
793 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds new variables to be used by the letsencrypt role,
|
|
``letsencrypt_external_cert_server`` and
|
|
``letsencrypt_internal_cert_server``, It allows to
|
|
configure ACME server for internal, external
|
|
certificate generation.
|
|
upgrade:
|
|
- |
|
|
Users who have previously used the letsencrypt role for an
|
|
external certificate generation need to migrate their previous
|
|
default value (or their overridden value) of the variable
|
|
``letsencrypt_cert_server`` and set it to
|
|
``letsencrypt_external_cert_server``.The default value was
|
|
``https://acme-v02.api.letsencrypt.org/directory``
|
|
fixes:
|
|
- |
|
|
Fixes copying of custom certificates when Let's encrypt
|
|
is turned on. `LP#2076331
|
|
<https://bugs.launchpad.net/kolla-ansible/+bug/2076331>`__
|