Openstack stein TLS configuration with combined method of interfaces
Hello,

Openstack version: stein
Deployment method: kolla-ansible

I am trying to set up TLS for Openstack endpoint.

I have chosen combined method of vip address where I supply only kolla_internal_vip_address and network_interface details. I do not enable external kolla vip address.

After this I set up kolla_enable_tls_external: 'yes' and pass the kolla_external_fqdn_cert certificates.

The installation is successful but I see that http link opens but https:// endpoint does not open at all. Is as good as not available.

Any reason for this?

Regards, Roshan

On Fri, 15 Jan 2021 at 07:59, roshan anvekar <roshananvekar@gmail.com> wrote:
> Hello,
> Openstack version: stein Deployment method: kolla-ansible
> I am trying to set up TLS for Openstack endpoint.
> I have chosen combined method of vip address where I supply only kolla_internal_vip_address and network_interface details. I do not enable external kolla vip address.
> After this I set up kolla_enable_tls_external: 'yes' and pass the kolla_external_fqdn_cert certificates.
> The installation is successful but I see that http link opens but https:// endpoint does not open at all. Is as good as not available.
> Any reason for this?

Hi. From the Stein documentation [1]: "The kolla_internal_vip_address and kolla_external_vip_address must be different to enable TLS on the external network."

From the Train release it is possible to enable TLS on the internal VIP, although Ussuri is typically necessary to make it work if you have a private CA.

[1] https://docs.openstack.org/kolla-ansible/stein/admin/advanced-configuration....

> Regards, Roshan

participants (2): Mark Goddard, roshan anvekar
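
An added example, not part of the thread and not kolla-ansible code: a pre-deployment check that reads a globals.yml-style file and flags the combination described above, external TLS enabled while the external VIP is unset or the same as the internal VIP. The function names and the sample addresses are assumptions made for illustration; the parser only handles flat top-level `key: value` lines.

```python
import re

TRUTHY = {"yes", "true", "1", "on"}
SELF_REF = re.compile(r"\{\{\s*kolla_internal_vip_address\s*\}\}")

def parse_globals(text):
    """Collect top-level 'key: value' scalars from globals.yml-style text."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]\w*):\s*(.*)$", line)
        if not m:
            continue  # comment, blank line, or nested/list entry
        value = m.group(2).strip()
        if value[:1] in ('"', "'"):
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(" #", 1)[0].strip()
        settings[m.group(1)] = value
    return settings

def check_external_tls(text):
    """Return findings for the Stein rule quoted in the reply above."""
    s = parse_globals(text)
    if s.get("kolla_enable_tls_external", "no").lower() not in TRUTHY:
        return []
    internal = s.get("kolla_internal_vip_address", "")
    # When unset, the external VIP defaults to the internal one.
    external = s.get("kolla_external_vip_address") or internal
    # A Jinja reference back to the internal VIP is the same address.
    external = SELF_REF.sub(lambda _: internal, external)
    if external == internal:
        return ["kolla_enable_tls_external is on, but kolla_external_vip_address "
                "is unset or equal to kolla_internal_vip_address"]
    return []

# Constructed sample inputs (documentation-range addresses).
COMBINED = """
kolla_internal_vip_address: "192.0.2.10"
network_interface: "eth0"
#kolla_external_vip_address: "198.51.100.10"
kolla_enable_tls_external: 'yes'
"""
SEPARATE = COMBINED.replace("#kolla_external", "kolla_external")

if __name__ == "__main__":
    for name, text in (("combined", COMBINED), ("separate", SEPARATE)):
        print(name, check_external_tls(text) or "ok")
```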