[kolla-ansible] haproxy tls key location
Hi All, Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.html and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml). Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key. What am I missing here? Thanks, -Jon -- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL
On Tue, Sep 12, 2023 at 8:20 AM Jonathan Proulx <jon@csail.mit.edu> wrote:
Hi All,
Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.html and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml).
Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key.
What am I missing here?
HAProxy likes to put everything in one file. concatenate your key onto the end of your certificate chain. -Erik
Thanks, -Jon
-- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL
On Tue, Sep 12, 2023 at 09:47:14AM -0400, Erik McCormick wrote: :HAProxy likes to put everything in one file. concatenate your key onto the :end of your certificate chain. Ah yes the many flavors of "cert"...thanks again Erik. -Jon
You create a single file with both certificate and key in it. ________________________________ From: Jonathan Proulx <jon@csail.mit.edu> Sent: 12 September 2023 13:18 To: openstack-discuss <openstack-discuss@lists.openstack.org> Subject: [kolla-ansible] haproxy tls key location CAUTION: This email originates from outside THG Hi All, Reading through https://docs.openstack.org/kolla-ansible/latest/admin/tls.html<https://docs.openstack.org/kolla-ansible/latest/admin/tls.html> and global.yml / passwords.yml in my deploy I see configuration for certificates but not where to set the key (though there is a key location configuration for backend tls in globals.yml). Unsurprisingly when I put the certs where they are expected and enable TLS the haproxy containers fail because they don't have a key. What am I missing here? Thanks, -Jon -- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL
participants (3)
-
Danny Webb
-
Erik McCormick
-
Jonathan Proulx