OpenStack-Ansible

HTTPS Certificate documentation is old and badly wrong

Bug #1704770 reported by Jesse Pretorius on 2017-07-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	High	Amy Marrich

Bug Description

The current documentation about how to configure SSL certificates [1] is pre-newton and badly wrong. It needs a refresh.

All public endpoints are behind haproxy, so the only certificate management most environments need are those for haproxy.

The variables to set to provide the path on the deployment node to the certificates are:
haproxy_user_ssl_cert, haproxy_user_ssl_key, haproxy_user_ssl_ca_cert

[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-advanced-config-sslcertificates.html

Tags:

Amy Marrich (amy-marrich) on 2017-07-18

Changed in openstack-ansible:
assignee:	nobody → Amy Marrich (amy-marrich)

Jean-Philippe Evrard (jean-philippe-evrard) on 2017-07-18

Changed in openstack-ansible:
status:	New → Confirmed
importance:	Undecided → Critical
importance:	Critical → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-19: Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/485371

Changed in openstack-ansible:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-25: Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/485371
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=af5c873af48054ae620d7a009e680894298661f6
Submitter: Jenkins
Branch: master

commit af5c873af48054ae620d7a009e680894298661f6
Author: Amy Marrich (spotz) <email address hidden>
Date: Wed Jul 19 17:42:37 2017 -0500

[DOCS] Update of SSL Config to include HAProxy

Updated instructions to stress HAProxy configuration for SSL

Change-Id: I091e491f50c6d40ae155a3fb9991fc7766717ff2
Closes-Bug: #1704770

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-27: Fix proposed to openstack-ansible (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/487753

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-27: Fix proposed to openstack-ansible (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/487755

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-27: Fix included in openstack/openstack-ansible 16.0.0.0b3

This issue was fixed in the openstack/openstack-ansible 16.0.0.0b3 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-28: Fix merged to openstack-ansible (stable/ocata)

Reviewed: https://review.openstack.org/487753
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=5adfb71e7877bce02ad483064f7c10d152a83abe
Submitter: Jenkins
Branch: stable/ocata

commit 5adfb71e7877bce02ad483064f7c10d152a83abe
Author: Amy Marrich (spotz) <email address hidden>
Date: Wed Jul 19 17:42:37 2017 -0500

[DOCS] Update of SSL Config to include HAProxy

Updated instructions to stress HAProxy configuration for SSL

    Change-Id: I091e491f50c6d40ae155a3fb9991fc7766717ff2
    Closes-Bug: #1704770
    (cherry picked from commit af5c873af48054ae620d7a009e680894298661f6)

tags:	added: in-stable-ocata
tags:	added: in-stable-newton

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-28: Fix merged to openstack-ansible (stable/newton)

Reviewed: https://review.openstack.org/487755
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=ee024b7e9e07059d50b1a0e20c4fb4e84663f01d
Submitter: Jenkins
Branch: stable/newton

commit ee024b7e9e07059d50b1a0e20c4fb4e84663f01d
Author: Amy Marrich (spotz) <email address hidden>
Date: Wed Jul 19 17:42:37 2017 -0500

[DOCS] Update of SSL Config to include HAProxy

Updated instructions to stress HAProxy configuration for SSL

    Change-Id: I091e491f50c6d40ae155a3fb9991fc7766717ff2
    Closes-Bug: #1704770
    (cherry picked from commit af5c873af48054ae620d7a009e680894298661f6)