haproxy: add staging ocp cert for api-int

haproxy needs to terminate ssl for the api part of the ocp cluster. We can't do this in apache without listening for non standard ports and that could be a mess, so terminate ssl here and talk into the cluster Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-09 10:49:21 -07:00 · 2021-08-09 10:49:21 -07:00 · ecbda7c851
commit ecbda7c851
parent d78d1070f8
1 changed files with 8 additions and 0 deletions
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -40,6 +40,14 @@
  tags:
  - haproxy

+- name: install ocp api pem cert
+  copy: src={{ private }}/files/httpd/api-int.ocp{{ env_suffix }}.fedoraproject.org.pem
+        dest=/etc/haproxy/ocp4.pem
+        owner=root group=root mode=0600
+  tags:
+  - haproxy
+  when: env == "staging"
+
 - name: install libsemanage
  package:
    state: present