Add ssl suport for opencontrail api service
Use ssl termination on haproxy Lb for OC 4.X version.
OC API does not support TLS natively in versions <= 4.x
Change-Id: Ic78fc33bc938b05ff390aeb0ba1a6d74227117e9
Related-PROD: PROD-29907
diff --git a/defaults/haproxy/init.yml b/defaults/haproxy/init.yml
index 499e085..83147ea 100644
--- a/defaults/haproxy/init.yml
+++ b/defaults/haproxy/init.yml
@@ -1,2 +1,3 @@
classes:
- system.defaults.haproxy.elasticsearch
+- system.defaults.haproxy.opencontrail
diff --git a/defaults/haproxy/opencontrail.yml b/defaults/haproxy/opencontrail.yml
new file mode 100644
index 0000000..ee0756e
--- /dev/null
+++ b/defaults/haproxy/opencontrail.yml
@@ -0,0 +1,3 @@
+parameters:
+ _param:
+ haproxy_opencontrail_api_check_params: check inter 2000 rise 2 fall 3
diff --git a/defaults/opencontrail/init.yml b/defaults/opencontrail/init.yml
index 24cd68e..1b0bf54 100644
--- a/defaults/opencontrail/init.yml
+++ b/defaults/opencontrail/init.yml
@@ -4,3 +4,9 @@
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_user: 'contrail'
+ opencontrail_api_protocol: http
+ opencontrail_api_ssl_enabled: False
+ opencontrail_api_certfile: /etc/contrail/ssl/opencontrail_api.crt
+ opencontrail_api_keyfile: /etc/contrail/ssl/opencontrail_api.key
+ opencontrail_api_cafile: /etc/contrail/ssl/ca-opencontrail_api.pem
+ opencontrail_api_all_pemfile: /etc/ssl/certs/opencontrail_api_with_chain.pem