containerized haproxy fail to deploy when enable_internal_tls is set to true
Bug #1709563 reported by
Damien Ciabrini
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Fix Released
|
High
|
Damien Ciabrini | ||
Bug Description
With the "TLS everywhere" work, HAProxy can now proxy internal endpoints such as galera over TLS.
This works on non-containerized deployment, but containerized HAProxy deployments do not bind-mount all the expected certs and so they fail to be configured properly.
| Changed in tripleo: | |
| assignee: | nobody → Damien Ciabrini (dciabrin) |
| status: | New → In Progress |
| Changed in tripleo: | |
| importance: | Undecided → Critical |
| milestone: | none → pike-rc1 |
| Changed in tripleo: | |
| importance: | Critical → High |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to puppet-tripleo (master) | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tripleo-heat-templates (master) | #2 |
| Changed in tripleo: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tripleo-heat-templates 7.0.0.0rc1 | #3 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 1f695f183ae1146
Author: Damien Ciabrini <email address hidden>
Date: Mon Aug 7 20:26:33 2017 +0000
Enable TLS configuration for containerized HAProxy
In non-containerized deployments, HAProxy can be configured to use TLS
for proxying internal services.
Fix the creation of the of the haproxy bundle resource to enable TLS
when configured. The keys and certs files, as well as the crl file are
all passed as configuration files and must be copied by Kolla at
container startup.
Change-Id: I4b72739446c63f
Partial-Bug: #1709563