Merge "Options to enable SSL for backend connections"
commit
04a934cfd6
|
@ -166,6 +166,11 @@ An example HTTP service could look like:
|
|||
haproxy_ssl: "{{ haproxy_ssl }}"
|
||||
haproxy_port: 10000
|
||||
haproxy_balance_type: http
|
||||
# If backend connections should be secured with SSL (default False)
|
||||
haproxy_backend_ssl: True
|
||||
haproxy_backend_ca: /path/to/ca/cert.pem
|
||||
# Or if certificate validation should be disabled
|
||||
# haproxy_backend_ca: False
|
||||
|
||||
Additionally, you can specify haproxy services that are not managed
|
||||
in the Ansible inventory by manually specifying their hostnames/IP Addresses:
|
||||
|
|
|
@ -115,6 +115,15 @@ backend {{ item.service.haproxy_service_name }}-back
|
|||
{% set _ = entry.append(item.service.haproxy_backend_nodes | count | string) %}
|
||||
{% set _ = entry.append("fall") %}
|
||||
{% set _ = entry.append(item.service.haproxy_backend_nodes | count | string) %}
|
||||
{% if item.service.haproxy_backend_ssl | default(False) %}
|
||||
{% set _ = entry.append("ssl") %}
|
||||
{% if item.service.haproxy_backend_ca %}
|
||||
{% set _ = entry.append("ca-file") %}
|
||||
{% set _ = entry.append(item.service.haproxy_backend_ca) %}
|
||||
{% else %}
|
||||
{% set _ = entry.append("verify none") %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{{ entry | join(' ') }}
|
||||
{% endfor %}
|
||||
|
||||
|
@ -136,5 +145,14 @@ backend {{ item.service.haproxy_service_name }}-back
|
|||
{% set _ = entry.append("fall") %}
|
||||
{% set _ = entry.append(item.service.haproxy_backup_nodes | count | string) %}
|
||||
{% set _ = entry.append("backup") %}
|
||||
{% if item.service.haproxy_backend_ssl | default(False) %}
|
||||
{% set _ = entry.append("ssl") %}
|
||||
{% if item.service.haproxy_backend_ca %}
|
||||
{% set _ = entry.append("ca-file") %}
|
||||
{% set _ = entry.append(item.service.haproxy_backend_ca) %}
|
||||
{% else %}
|
||||
{% set _ = entry.append("verify none") %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{{ entry | join(' ') }}
|
||||
{% endfor %}
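Review bot: Any falsy `haproxy_backend_ca` (False, null or an empty string) drops the server line to `verify none`, in both the `haproxy_backend_nodes` loop and the `haproxy_backup_nodes` loop, so a blank or mistyped value silently produces backend TLS with no certificate validation. I would take the `verify none` branch only on an explicit opt-out, by testing `{% if item.service.haproxy_backend_ca is not sameas false %}` for the CA branch, and add `{% set _ = entry.append("verify required") %}` there so the outcome does not depend on a global `ssl-server-verify` setting. The inner test has no `| default(...)`, so a service that sets `haproxy_backend_ssl` without `haproxy_backend_ca` presumably fails to render under Ansible's strict undefined handling; that is fail-closed, but it deserves a template comment. `ca-file` alone validates the chain and not the server name, so a follow-up could expose `verifyhost` per service. Both loops start outside the hunks shown.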
|
||||
|
|
|
@ -22,3 +22,12 @@ haproxy_service_configs:
|
|||
haproxy_balance_type: tcp
|
||||
haproxy_backend_options:
|
||||
- tcp-check
|
||||
- service:
|
||||
haproxy_service_name: test_backend_ssl
|
||||
haproxy_backend_nodes: "{{ groups['haproxy_all'] | default([]) }}"
|
||||
haproxy_port: 8180
|
||||
haproxy_backend_port: 443
|
||||
haproxy_backend_ssl: True
|
||||
haproxy_backend_ca: False
|
||||
haproxy_ssl: False
|
||||
haproxy_balance_type: http
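Review bot: The only new test service sets `haproxy_backend_ca: False`, so the test run renders just the `verify none` path and the `ca-file` branch of the template is never exercised. A second service entry whose `haproxy_backend_ca` points at a CA file created during test setup would cover the path that deployments with validation enabled rely on. A comment above `test_backend_ssl` should also state why verification is disabled here, presumably because the test backends present no trusted certificate, so the entry is not copied as a template for real services.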
|
||||
|
|