containerized haproxy fail to deploy when enable_internal_tls is set to true
Bug #1709563 reported by
Damien Ciabrini
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Damien Ciabrini |
Bug Description
With the "TLS everywhere" work, HAProxy can now proxy internal endpoints such as galera over TLS.
This works on non-containerized deployment, but containerized HAProxy deployments do not bind-mount all the expected certs and so they fail to be configured properly.
Changed in tripleo: | |
assignee: | nobody → Damien Ciabrini (dciabrin) |
status: | New → In Progress |
Changed in tripleo: | |
importance: | Undecided → Critical |
milestone: | none → pike-rc1 |
Changed in tripleo: | |
importance: | Critical → High |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/491599 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=1f695f183ae 114650d222ab743 4bdeb2587a82aa
Committed: https:/
Submitter: Jenkins
Branch: master
commit 1f695f183ae1146 50d222ab7434bde b2587a82aa
Author: Damien Ciabrini <email address hidden>
Date: Mon Aug 7 20:26:33 2017 +0000
Enable TLS configuration for containerized HAProxy
In non-containerized deployments, HAProxy can be configured to use TLS
for proxying internal services.
Fix the creation of the of the haproxy bundle resource to enable TLS
when configured. The keys and certs files, as well as the crl file are
all passed as configuration files and must be copied by Kolla at
container startup.
Change-Id: I4b72739446c63f 0f0ac9f859314a4 d6746e20255
Partial-Bug: #1709563