[kolla][ssl] Deploy third-party SSL for HAProxy
Radosław Piliszek
radoslaw.piliszek at gmail.com
Thu Sep 29 08:01:25 UTC 2022
The ``certificates`` command is for generating certificates (the help
is explicit on it).
For all-things-deployment one just needs to run ``deploy`` again.
Radek
-yoctozepto
On Wed, 28 Sept 2022 at 23:02, Satish Patel <satish.txt at gmail.com> wrote:
>
> Folks,
>
> I have GoDaddy SSL cert and trying to deploy with kolla but little big confused with this doc https://docs.openstack.org/kolla-ansible/latest/admin/tls.html
>
> I have a single interface for internal/external vip and try following config to deploy SSL/TLS for haproxy and other services.
>
> ---
> openstack_release: "wallaby"
> kolla_internal_vip_address: "10.73.0.180"
> kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
> network_interface: "eth0"
> neutron_external_interface: "eth1"
>
> # TLS
> kolla_enable_tls_internal: "yes"
> kolla_certificates_dir: "/etc/kolla/certificates"
> kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/my_company_cert.pem"
>
>
> When i run "kolla-ansible -i multinode certificates" command it deploy something but then i found it generated certificate itself (self-sign) in /etc/kolla/cacertificates directory and override my third-party cert
>
> When I tried in the browser https://foobar.com it didn't connect to 443 port that means it did not enable SSL. Am I missing something here?
>
>
>
More information about the openstack-discuss
mailing list