haproxy fails to start after SSL certificate is updated
Issue
After updating the public endpoint certificate for OpenStack, the haproxy resource is not starting anymore, failing with the following error:
pcs status
[...]
Failed Resource Actions:
* haproxy-bundle-docker-0_start_0 on controller-0 'unknown error' (1): call=115, status=complete, exitreason='Newly created docker container exited after start',
last-rc-change='Tue Nov 9 19:01:43 2021', queued=0ms, exec=1946ms
[...]
In the systemd journal, the following error is logged:
[root@controller-0 ~]$ journalctl --boot
Nov 09 17:54:03 controller-0.example.com dockerd-current[4716]: [ALERT] 312/175403 (12) : parsing [/etc/haproxy/haproxy.cfg:220] : 'bind 10.56.5.254:13778' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
Nov 09 17:54:03 controller-0.example.com dockerd-current[4716]: [ALERT] 312/175403 (12) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Environment
- Red Hat OpenStack Platform 16
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.