Lbaas: SSL termination is not working
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.20 |
Invalid
|
High
|
Divakar Dharanalakota | |||
Trunk |
Invalid
|
High
|
Divakar Dharanalakota |
Bug Description
SSL termination is not working with lbaas. The ha proxy config has the vip bindings to port 443 , but the ssl cert config is missing in the haproxy.conf
cat /var/lib/
global
daemon
user nobody
group nogroup
stats socket /var/lib/
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
listen contrail-
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend c5866fb4-
bind 11.1.0.4:443
mode http
default_backend ebf5f87a-
backend ebf5f87a-
mode http
balance roundrobin
server 136b3567-
server 1ae4d088-
server 230060be-
server 2342bb68-
server 2957fd89-
server 68c49fdc-
server 8f61b36a-
server a9c5034c-
server aafe9927-
server ab505160-
Version 2.20 Build 41 Juno 14.04
tried with below two options in agent,.conf
haproxy_
root@cs-scale-8:~# cat /etc/contrail/
haproxy_
haproxy_
root@cs-scale-8:~# cat /etc/contrail/
haproxy_
VIP-CONFIG
============
neutron --os-tenant-
description: | updated |
description: | updated |
information type: | Proprietary → Public |
Vinod,
while configuring VIP protocol needs to be configured as HTTPS for SSL connection. Configuring port 443 is not sufficient. Please try it with protocol https.
-Divakar