How to configure TLS/SSL endpoints with custom HAProxy loadbalancer role in Red Hat OpenStack Platform 13?
Issue
How to configure TLS/SSL endpoints with custom HAProxy loadbalancer role in Red Hat OpenStack Platform 13?
When following https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/advanced_overcloud_customization/index to enable SSL/TLS in combination with a dedicated role for HAProxy, TLS/SSL endpoints are not correctly configured on the HAProxy role.
Example for role definition:
- name: LoadBalancer
CountDefault: 3
networks:
- InternalApi
- StorageMgmt
- Storage
- External
- Tenant
# For systems with both IPv4 and IPv6, you may specify a gateway network for
# each, such as ['ControlPlane', 'External']
default_route_networks: ['External']
HostnameFormatDefault: '%stackname%-loadbalancer-%index%'
ServicesDefault:
# Common Services
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Fluentd
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
# Role-Specific Services
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::HAproxy
On the controllers, this Service is disabled:
#- OS::TripleO::Services::HAproxy
Environment
Red Hat OpenStack Platform 13
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.