Hi Radoslaw,

I meant the same ip address for internal/external vips. like the following snippet. 10.73.0.180 is used for internal and external addresses.

kolla_internal_vip_address: "10.73.0.180"
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
network_interface: "eth0"
neutron_external_interface: "eth1"

I did the following in global.yml and ran "deploy" but it stuck somewhere in nova. I am looking for errors to find out what happened. Am I missing something in the following configuration?

kolla_enable_tls_internal: "yes"
kolla_certificates_dir: "/etc/kolla/certificates"
kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/my_company_certificate.pem"

Is the above going to enable SSL for all communications or just horizon web GUI?

On Thu, Sep 29, 2022 at 5:08 AM Radosław Piliszek <radoslaw.piliszek@gmail.com> wrote:

On Thu, 29 Sept 2022 at 11:03, Satish Patel <satish.txt@gmail.com> wrote:
> I have a similar ip address on both internal/external vip in that case how does it work? I am seeing in doc which is saying.

I don't know a good definition for a "similar" IP address so I assume
you mean the *same* for the rest of the answer. If that is not the
case, i.e., you have two addresses on the same network, then the
sentence below does not apply. The docs could be worded better
mayhaps...

> "If there is only a single network configured in your topology (as opposed to separate internal and external networks), TLS can only be enabled using the internal network configuration variables."
>
> Based on the above sentence I should use only kolla_enable_tls_internal: "yes" in global.yml correct? no need to use external.

Yes, when addresses are the same, k-a detects that and simply
configures everything to the kolla_enable_tls_internal and family
settings. The external family of vars should be left unset (i.e. not
included in your globals.yml).

Radek
-yoctozepto