commit 1a5be7eca598e839c206827031a8aff6b94add93
Author: Francesco Pantano <fpantano@redhat.com>
Date:   Fri Oct 2 10:48:53 2020 +0200

    Make ceph_dashboard haproxy config parametric
    
    This change adds some parameters needed to make the Ceph Dashboard
    haproxy section working when in a tls-everywhere enabled scenario.
    In addition, the purpose of the change is to make the haproxy Ceph
    dashboard config consistent with the reference documentation [1]
    that describes the ssl use case and its prerequisites [2].
    
    [1] https://docs.ceph.com/en/latest/mgr/dashboard/#haproxy-example-configuration
    [2] https://docs.ceph.com/en/latest/mgr/dashboard/#disable-the-redirection
    
    Change-Id: Ifb7a8d25b27457965c4ece21fbbb448bf204e32c

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e547f15..fd74b79 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -368,7 +368,7 @@
 #
 # [*ceph_dashboard_network*]
 #  (optional) Specify the network ceph_dashboard is running on.
-#  Defaults to hiera('ceph_mgr', undef)
+#  Defaults to hiera('ceph_dashboard_network', undef)
 #
 # [*cinder_network*]
 #  (optional) Specify the network cinder is running on.
@@ -967,6 +967,11 @@ class tripleo::haproxy (
   }
 
   if $ceph_dashboard {
+    if $enable_internal_tls {
+      $ceph_dashboard_tls_member_options = ['ssl check verify none']
+    } else {
+      $ceph_dashboard_tls_member_options = []
+    }
     ::tripleo::haproxy::endpoint { 'ceph_dashboard':
       internal_ip     => hiera('ceph_dashboard_vip', $controller_virtual_ip),
       service_port    => $ports[ceph_dashboard_port],
@@ -980,7 +985,7 @@ class tripleo::haproxy (
         'http-check' => 'expect rstatus 2[0-9][0-9]',
       }),
       service_network => $ceph_dashboard_network,
-      member_options  => union($haproxy_member_options, $internal_tls_member_options),
+      member_options  => union($haproxy_member_options, $ceph_dashboard_tls_member_options),
     }
   }