Openstack stein TLS configuration with combined method of interfaces
mark at stackhpc.com
Fri Jan 15 08:50:47 UTC 2021
On Fri, 15 Jan 2021 at 07:59, roshan anvekar <roshananvekar at gmail.com> wrote:
> Openstack version: stein
> Deployment method: kolla-ansible
> I am trying to set up TLS for Openstack endpoint.
> I have chosen combined method of vip address where I supply only kolla_internal_vip_address and network_interface details. I do not enable external kolla vip address.
> After this I set up kolla_enable_tls_external: 'yes' and pass the kolla_external_fqdn_cert certificates.
> The installation is successful but I see that http link opens but https:// endpoint does not open at all. Is as good as not available.
> Any reason for this?
Hi. From the Stein documentation :
"The kolla_internal_vip_address and kolla_external_vip_address must be
different to enable TLS on the external network."
>From the Train release it is possible to enable TLS on the internal
VIP, although Ussuri is typically necessary to make it work if you
have a private CA.
More information about the openstack-discuss