How to configure TLS/SSL endpoints with custom HAProxy loadbalancer role in Red Hat OpenStack Platform 13?

Solution In Progress - Updated -

Issue

How to configure TLS/SSL endpoints with custom HAProxy loadbalancer role in Red Hat OpenStack Platform 13?

When following https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/advanced_overcloud_customization/index to enable SSL/TLS in combination with a dedicated role for HAProxy, TLS/SSL endpoints are not correctly configured on the HAProxy role.

Example for role definition:

- name: LoadBalancer
  CountDefault: 3
  networks:
    - InternalApi
    - StorageMgmt
    - Storage
    - External
    - Tenant
  # For systems with both IPv4 and IPv6, you may specify a gateway network for
  # each, such as ['ControlPlane', 'External']
  default_route_networks: ['External']
  HostnameFormatDefault: '%stackname%-loadbalancer-%index%'
  ServicesDefault:
    # Common Services
    - OS::TripleO::Services::AuditD
    - OS::TripleO::Services::CACerts
    - OS::TripleO::Services::CertmongerUser
    - OS::TripleO::Services::Collectd
    - OS::TripleO::Services::Docker
    - OS::TripleO::Services::Fluentd
    - OS::TripleO::Services::Kernel
    - OS::TripleO::Services::Ntp
    - OS::TripleO::Services::ContainersLogrotateCrond
    - OS::TripleO::Services::SensuClient
    - OS::TripleO::Services::Snmp
    - OS::TripleO::Services::Timezone
    - OS::TripleO::Services::TripleoFirewall
    - OS::TripleO::Services::TripleoPackages
    - OS::TripleO::Services::Tuned
    # Role-Specific Services
    - OS::TripleO::Services::Pacemaker
    - OS::TripleO::Services::HAproxy

On the controllers, this Service is disabled:

    #- OS::TripleO::Services::HAproxy

Environment

Red Hat OpenStack Platform 13

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content