Code Review / apex-puppet-tripleo.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 2bb37b6) | patch
Use CRL for HAProxy
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 4 May 2017 10:28:01 +0000 (13:28 +0300)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 8 Jun 2017 13:57:18 +0000 (16:57 +0300)
commitc8d2a1133e8aff13acf52da2ab29e8dccda1e6b6
tree270619a42fecc794661a1c8a88daa119e68c58abtree | snapshot
parent2bb37b6189693d7588730eeb080f85009c3b6d6ccommit | diff
Use CRL for HAProxy

This sets up the CRL file to be triggered on the certmonger_user
resource. Furtherly, HAProxy uses this CRL file in the member options,
thus effectively enabling revocation for proxied nodes.

So, if a certificate has been revoked by the CA, HAProxy will not proxy
requests to it.

bp tls-via-certmonger

Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
manifests/haproxy.pp diff | blob | history
manifests/profile/base/certmonger_user.pp diff | blob | history
releasenotes/notes/HAProxy-CRL-d05b555f92ff55ed.yaml [new file with mode: 0644] blob