haproxy fails to start after SSL certificate is updated

Solution In Progress - Updated -

Issue

After updating the public endpoint certificate for OpenStack, the haproxy resource is not starting anymore, failing with the following error:

 pcs status
[...]
Failed Resource Actions:
* haproxy-bundle-docker-0_start_0 on controller-0 'unknown error' (1): call=115, status=complete, exitreason='Newly created docker container exited after start',
    last-rc-change='Tue Nov  9 19:01:43 2021', queued=0ms, exec=1946ms
[...]

In the systemd journal, the following error is logged:

[root@controller-0 ~]$ journalctl --boot
Nov 09 17:54:03 controller-0.example.com dockerd-current[4716]: [ALERT] 312/175403 (12) : parsing [/etc/haproxy/haproxy.cfg:220] : 'bind 10.56.5.254:13778' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
Nov 09 17:54:03 controller-0.example.com dockerd-current[4716]: [ALERT] 312/175403 (12) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

Environment

  • Red Hat OpenStack Platform 16

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content