Change default value for horizon_enable_ssl

`horizon_enable_ssl` is responsible for enabling TLS on horizon backend. It defaults to `haproxy_ssl` which is generally used to enable TLS on haproxy frontends. It is more reasonable to disable it by default as it's done for other services. This patch does not change current behavior in gating as backend TLS works only with horizon_external_ssl=False(while it's set to True by default). It also does not affect behavior of horizon's haproxy frontend encryption. Change-Id: I8f207426c9dc5bcefdec42c0bfc0f5f0376509a3
2023-04-04 23:18:08 +02:00 · 2023-04-04 23:18:08 +02:00 · 9c07e79890
parent e61dab9a05
commit 9c07e79890
2 changed files with 6 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -240,7 +240,7 @@ horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizo
 # horizon_user_ssl_ca_cert: <path to cert on ansible deployment host>

 # Toggle whether horizon should be served via SSL
-horizon_enable_ssl: "{{ (haproxy_ssl | default(True)) | bool }}"
+horizon_enable_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

 # Toggle whether horizon is served via an external device, like a load
 # balancer. This enables the use of the horizon_secure_proxy_ssl_header
--- a/releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml
+++ b/releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml
@ -0,0 +1,5 @@
+---
+other:
+  - |
+    Default value for ``horizon_enable_ssl`` has changed to False.
+    (or ``openstack_service_backend_ssl`` if it is defined)