[kolla-ansible] haproxy tls key location
Hi All,
Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.html and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml).
Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key.
What am I missing here?
Thanks, -Jon
On Tue, Sep 12, 2023 at 8:20 AM Jonathan Proulx jon@csail.mit.edu wrote:
Hi All,
Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.html and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml).
Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key.
What am I missing here?
HAProxy likes to put everything in one file. concatenate your key onto the end of your certificate chain.
-Erik
Thanks, -Jon
-- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL
You create a single file with both certificate and key in it. ________________________________ From: Jonathan Proulx jon@csail.mit.edu Sent: 12 September 2023 13:18 To: openstack-discuss openstack-discuss@lists.openstack.org Subject: [kolla-ansible] haproxy tls key location
CAUTION: This email originates from outside THG
Hi All,
Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.htmlhttps://docs.openstack.org/kolla-ansible/latest/admin/tls.html and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml).
Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key.
What am I missing here?
Thanks, -Jon
-- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL
On Tue, Sep 12, 2023 at 09:47:14AM -0400, Erik McCormick wrote:
:HAProxy likes to put everything in one file. concatenate your key onto the :end of your certificate chain.
Ah yes the many flavors of "cert"...thanks again Erik.
-Jon
participants (3)
-
Danny Webb
-
Erik McCormick
-
Jonathan Proulx