Openstack stein TLS configuration with combined method of interfaces

Mark Goddard mark at stackhpc.com
Fri Jan 15 08:50:47 UTC 2021


On Fri, 15 Jan 2021 at 07:59, roshan anvekar <roshananvekar at gmail.com> wrote:
>
> Hello,
>
> Openstack version: stein
> Deployment method: kolla-ansible
>
> I am trying to set up TLS for Openstack endpoint.
>
> I have chosen combined method of vip address where I supply only kolla_internal_vip_address and network_interface details. I do not enable external kolla vip address.
>
> After this I set up kolla_enable_tls_external: 'yes' and pass the kolla_external_fqdn_cert certificates.
>
> The installation is successful but I see that http link opens but https:// endpoint does not open at all. Is as good as not available.
>
> Any reason for this?

Hi. From the Stein documentation [1]:

"The kolla_internal_vip_address and kolla_external_vip_address must be
different to enable TLS on the external network."

>From the Train release it is possible to enable TLS on the internal
VIP, although Ussuri is typically necessary to make it work if you
have a private CA.

[1] https://docs.openstack.org/kolla-ansible/stein/admin/advanced-configuration.html#tls-configuration
>
> Regards,
> Roshan



More information about the openstack-discuss mailing list