<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Andy,</p>
    <p>Thank you for that, I will get straight onto that and make sure
      all of the public endpoints are HTTPS. Those are the ones that I
      care about for obvious reasons.</p>
    <p>If I get stuck, I will be sure to chat in #openstack-ansible.</p>
    <p>Once again thanks for the speedy reply and help.</p>
    <p>Grant<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 28/02/17 11:42, Andy McCrae wrote:<br>
    </div>
    <blockquote
cite="mid:CAM2OCdMAJn8R=UnDf7OTCTUd+3ScBDT0+PyuYidM2hG7BtWVkw@mail.gmail.com"
      type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On 28 February 2017 at 09:59, Grant
            Morley <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:grant@absolutedevops.io" target="_blank">grant@absolutedevops.io</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div bgcolor="#FFFFFF">
                <p>Hi All,</p>
                <p>We have an OSA Mitaka deployment and for some reason
                  all of the endpoints (keystone, neutron, glance,
                  etc.) are reporting as HTTP rather than HTTPS.
                  The only thing that seems to have worked with HTTPS is
                  Horizon (I know that isn't an API endpoint, just for
                  clarification).</p>
                <p>We have placed our SSL certs in the correct directory
                  for the deployment "/etc/openstack_deploy/ssl/" but
                  for some reason when the setup has run it is only
                  using HTTP as below:</p>
                <pre>+----------------------------------+-----------+--------------+----------------+---------+-----------+----------------------------------------------+
| ID                               | Region    | Service Name | Service Type   | Enabled | Interface | URL                                          |
+----------------------------------+-----------+--------------+----------------+---------+-----------+----------------------------------------------+
| 0b7ca91c06334207b3199eeca432d5fe | lon1      | cinder       | volume         | True    | admin     | http://10.6.0.3:8776/v1/%(tenant_id)s        |
| 0f7440688cbc4d1f8f3c62158889729d | lon1      | keystone     | identity       | True    | internal  | http://10.6.0.3:5000/v3                      |</pre>
                <p>Is there something else I have missed or do I need to
                  put our SSL certs in a different directory for OSA to
                  set up the endpoints with HTTPS on haproxy?</p>
                <p>Grateful for any help.</p>
                <p>Regards,</p>
                <p>Grant</p>
              </div>
            </blockquote>
            <div> </div>
            <div>Hi Grant,</div>
            <div><br>
            </div>
            <div>I took a look back at the stable/mitaka branch for OSA
              - we do default the value to be http, so if you don't
              override the setting it will be set up as http.</div>
            <div>That's changed since, but you can overwrite this by
              setting "openstack_service_publicuri_proto: https" which
              would then set the public endpoints to be https.</div>
            <div>Although the paste you have above implies you want all
              endpoints to be https - as it stands I don't believe there
              is support for that - that is to say that
              internal traffic (internal/admin endpoints) would be
              http, and your public endpoint (terminating at your LB -
              haproxy if you are using the built in one) would be
              https.</div>
            <div><br>
            </div>
            <div>There are a few exceptions in keystone, rabbitmq,
              horizon and HAProxy: <a moz-do-not-send="true"
href="https://docs.openstack.org/developer/openstack-ansible/mitaka/install-guide/configure-sslcertificates.html">https://docs.openstack.org/developer/openstack-ansible/mitaka/install-guide/configure-sslcertificates.html</a></div>
            <div><br>
            </div>
            <div>Here are some docs about securing haproxy with
              ssl-certificates that may be helpful: <a
                moz-do-not-send="true"
href="https://docs.openstack.org/developer/openstack-ansible/mitaka/install-guide/configure-haproxy.html#securing-haproxy-communication-with-ssl-certificates">https://docs.openstack.org/developer/openstack-ansible/mitaka/install-guide/configure-haproxy.html#securing-haproxy-communication-with-ssl-certificates</a></div>
            <div><br>
            </div>
            <div>If you're stuck or running into issues feel free to
              jump into the #openstack-ansible channel on Freenode IRC,
              there are usually quite a few people around to help and
              answer questions.</div>
            <div><br>
            </div>
            <div>Andy</div>
            <div><br>
            </div>
            <div><br>
            </div>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      Grant Morley<br>
      Cloud Lead<br>
      Absolute DevOps Ltd<br>
      Units H, J &amp; K, Gateway 1000, Whittle Way, Stevenage, Herts, SG1 2FP<br>
      <a href="http://www.absolutedevops.io/">www.absolutedevops.io</a>
      <a href="mailto:grant@absolutedevops.io">grant@absolutedevops.io</a>
      0845 874 0580
    </div>
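    <p>Added example (not part of the original thread and not OpenStack-Ansible code): a check for the outcome discussed above, which parses <code>openstack endpoint list</code> output in the column layout pasted in the thread and reports enabled endpoints on the public interface whose URL is not https. The sample rows are constructed; the IDs and the public hostname are placeholders.</p>

```python
from urllib.parse import urlsplit

# Constructed sample in the column layout shown in the thread; the IDs are
# placeholders and the public row is invented for illustration.
SAMPLE = """\
+------+--------+--------------+--------------+---------+-----------+---------------------------------------+
| ID   | Region | Service Name | Service Type | Enabled | Interface | URL                                   |
+------+--------+--------------+--------------+---------+-----------+---------------------------------------+
| id-1 | lon1   | cinder       | volume       | True    | admin     | http://10.6.0.3:8776/v1/%(tenant_id)s |
| id-2 | lon1   | keystone     | identity     | True    | internal  | http://10.6.0.3:5000/v3               |
| id-3 | lon1   | keystone     | identity     | True    | public    | http://cloud.example.test:5000/v3     |
+------+--------+--------------+--------------+---------+-----------+---------------------------------------+
"""


def parse_endpoint_table(text):
    """Turn the ASCII table into a list of dicts keyed by the header names."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip border lines and blanks
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first data-shaped line is the header row
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def audit_endpoints(rows, require_https=("public",)):
    """Return (service, interface, url) for enabled endpoints on a listed
    interface whose URL scheme is not https."""
    findings = []
    for row in rows:
        if row.get("Enabled") != "True":
            continue  # disabled endpoints are not served to clients
        iface = row.get("Interface", "")
        url = row.get("URL", "")
        if iface in require_https and urlsplit(url).scheme.lower() != "https":
            findings.append((row.get("Service Name", ""), iface, url))
    return findings


if __name__ == "__main__":
    for service, iface, url in audit_endpoints(parse_endpoint_table(SAMPLE)):
        print(f"{service}: {iface} endpoint is not HTTPS: {url}")
```

    <p>By default only the public interface is checked, matching the split described in the reply (https at the load balancer, http for internal and admin); pass a wider <code>require_https</code> tuple to audit the other interfaces too.</p>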
  </body>
</html>