[Openstack-operators] OSA Newton ssl endpoint issue

Grant Morley grant at absolutedevops.io
Fri Jul 21 15:10:39 UTC 2017

Hi All,

Just have a quick question that I am sure someone has already come 
across before:

We have been trying to get SSL endpoints working using our own SSL 
certificates. We get failures during the installation process, but when 
we disable SSL on multiple endpoints within the HAProxy config ( glance, 
cinder, etc ) the installation completes. Then if we re-enable SSL 
termination post installation, the endpoints work as expected. Does 
anyone know the correct work flow for installing SSL certs during the 
OSA deployment?

We think the installation is failing because ansible sets up the 
endpoints to the HAProxy VIP address and the SSL certs are not valid for 
an IP address.

Do you need to add the IP address to the cert? or disable it until you 
have deployed ( which is what we have done to get around it ) Or is 
there a better method?

Many thanks,

Grant Morley
Senior Cloud Engineer
Absolute DevOps Ltd
Units H, J & K, Gateway 1000, Whittle Way, Stevenage, Herts, SG1 2FP
www.absolutedevops.io <http://www.absolutedevops.io/> 
grant at absolutedevops.io <mailto:grant at absolutedevops.io> 0845 874 0580
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20170721/1284a3d2/attachment.html>

More information about the OpenStack-operators mailing list