Comment 7 for bug 1863972

Ok, tls is now working on my external vip. I applied the patch provided by hrw to my ansible/roles/haproxy/tasks/config.yml file. I had to then set 'kolla_enable_tls_internal: "no"' (this is the default, I changed it trying to get tls to work) and then change 'kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"' to 'kolla_enable_tls_external: "yes"'. After that, I ran the deploy again and it succeeded without failing.

Note that as of the 6th of March, 2020 the 'kolla-ansible certificates' command for Train doesn't generate the appropriate certificates for internal use hence why we have to make the 'kolla_enable_tls' adjustments shown above. If you are using Let's Encrypt or another CA, you shouldn't experience this issue.