haproxy.pp in puppet-tripleo generates wrong haproxy.cfg for SSL-protected rgw instances
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Martin Gerhard Loschwitz |
Bug Description
haproxy.pp assumes that Ceph rgw instances are always using plaintext and do not support SSL connectivity and hence explicitly ignore internal_
To the outside world, this leads to 503 errors when trying to communicate to the Ceph rgw instance, effectively making it impossible to use rgw for instance as storage for OpenShift deployments in TLS-everywhere setups.
Bug is present in HEAD as of today.
The attached patch fixes the issue and is tested.
Changed in tripleo: | |
importance: | Undecided → High |
Fix proposed to branch: master /review. opendev. org/735376
Review: https:/