Implement haproxy_pki_create_certificates variable
In cases when internal and external haproxy frontends should use different, pre-generated certificates, it's not possible to define them with haproxy_user_ssl_cert because it accepts only one certificate. In this case, certificates can be placed manually in pki/ directory. Unfortunately, with current logic, certificates creation with PKI role is disabled only when haproxy_user_ssl_cert is defined. Possibility of explicitly disabling certificates generation will be really useful. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/915320/ Change-Id: I4eed4d797160b885d5b7187e6106e6ee0073722f
This commit is contained in:
parent
2407f7273c
commit
ed8eeba8d3
|
@ -206,6 +206,9 @@ haproxy_pki_intermediate_cert_path: >-
|
|||
haproxy_pki_regen_cert: ''
|
||||
haproxy_pki_certificates: "{{ _haproxy_pki_certificates }}"
|
||||
|
||||
# SSL certificate creation
|
||||
haproxy_pki_create_certificates: "{{ haproxy_user_ssl_cert is not defined and haproxy_user_ssl_key is not defined }}"
|
||||
|
||||
# Installation details for SSL certificates
|
||||
haproxy_pki_install_certificates: "{{ _haproxy_pki_install_certificates }}"
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
``haproxy_pki_create_certificates`` was implemented. It allows users to
|
||||
explicitly disable certificates generation with PKI role but keep using
|
||||
it for certificates distribution.
|
|
@ -54,7 +54,7 @@
|
|||
pki_authorities: "{{ haproxy_pki_authorities }}"
|
||||
pki_install_ca: "{{ haproxy_pki_install_ca }}"
|
||||
pki_regen_ca: "{{ haproxy_pki_regen_ca }}"
|
||||
pki_create_certificates: "{{ haproxy_user_ssl_cert is not defined and haproxy_user_ssl_key is not defined }}"
|
||||
pki_create_certificates: "{{ haproxy_pki_create_certificates }}"
|
||||
pki_regen_cert: "{{ haproxy_pki_regen_cert }}"
|
||||
pki_certificates: "{{ haproxy_pki_certificates }}"
|
||||
pki_install_certificates: "{{ haproxy_pki_install_certificates }}"
|
||||
|
|
Loading…
Reference in New Issue