Configure crl file for HAProxy

author Juan Antonio Osorio Robles <jaosorior@redhat.com>

Thu, 4 May 2017 12:16:47 +0000 (15:16 +0300)

committer Juan Antonio Osorio Robles <jaosorior@redhat.com>

Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 4 May 2017 12:16:47 +0000 (15:16 +0300)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml

index a71491c..619cf13 100644 (file)
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -50,6 +50,11 @@ parameters:
      type: string
      description: Specifies the default CA cert to use if TLS is used for
                   services in the internal network.
+  InternalTLSCRLPEMFile:
+    default: '/etc/pki/CA/crl/overcloud-crl.pem'
+    type: string
+    description: Specifies the default CRL PEM file to use for revocation if
+                 TLS is used for services in the internal network.
  
  resources:
  
@@ -89,6 +94,7 @@ outputs:
              tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
              tripleo::haproxy::redis_password: {get_param: RedisPassword}
              tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
+            tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
              tripleo::profile::base::haproxy::certificates_specs:
                map_merge:
                  - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Thu, 4 May 2017 12:16:47 +0000 (15:16 +0300)
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Thu, 8 Jun 2017 05:12:14 +0000 (08:12 +0300)