[kolla][ssl] Deploy third-party SSL for HAProxy

Radosław Piliszek radoslaw.piliszek at gmail.com
Thu Sep 29 09:08:19 UTC 2022


On Thu, 29 Sept 2022 at 11:03, Satish Patel <satish.txt at gmail.com> wrote:
> I have a similar ip address on both internal/external vip in that case how does it work?  I am seeing in doc which is saying.

I don't know a good definition for a "similar" IP address so I assume
you mean the *same* for the rest of the answer. If that is not the
case, i.e., you have two addresses on the same network, then the
sentence below does not apply. The docs could be worded better
mayhaps...

> "If there is only a single network configured in your topology (as opposed to separate internal and external networks), TLS can only be enabled using the internal network configuration variables."
>
> Based on the above sentence I should use only  kolla_enable_tls_internal: "yes"  in global.yml correct? no need to use external.

Yes, when addresses are the same, k-a detects that and simply
configures everything to the kolla_enable_tls_internal and family
settings. The external family of vars should be left unset (i.e. not
included in your globals.yml).

Radek
-yoctozepto



More information about the openstack-discuss mailing list