From ecbda7c8510d877399dffe46676ccc34ab7d5cb3 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 9 Aug 2021 10:49:21 -0700
Subject: [PATCH] haproxy: add staging ocp cert for api-int

haproxy needs to terminate ssl for the api part of the ocp cluster.
We can't do this in apache without listening for non standard ports and
that could be a mess, so terminate ssl here and talk into the cluster

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/haproxy/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 62e6f48ae5..5d0287b51c 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -40,6 +40,14 @@
   tags:
   - haproxy
 
+- name: install ocp api pem cert
+  copy: src={{ private }}/files/httpd/api-int.ocp{{ env_suffix }}.fedoraproject.org.pem
+        dest=/etc/haproxy/ocp4.pem
+        owner=root group=root mode=0600
+  tags:
+  - haproxy
+  when: env == "staging"
+
 - name: install libsemanage
   package:
     state: present