openstack-ansible placing ssl cert on keystone container does not work.

asked 2018-02-28 10:58:06 -0500

jake-briggs gravatar image

I am attempting to place the ssl cert for keystone on the container instead of on the loadbalancer. The documentation states to set the following variables.

keystone_ssl: True

openstack_external_ssl: False

keystone_external_ssl: False

keystone_service_proto: https

keystone_user_ssl_cert: public.cert

keystone_user_ssl_ca_cert: ca.cert

keystone_user_ssl_key: private.key

This places the ssl cert on keystone, but haproxy does not update correctly and everything breaks. Is there something else I should be setting to get haproxy to play along?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2018-03-06 10:58:14 -0500

jake-briggs gravatar image

Ok. I believe I figured this out.

You need to make the following entries in user_variables.yml

keystone_ssl: True ssl_protocol: 'SSLv2 SSLv3' keystone_service_proto: https keystone_user_ssl_cert: cert.pem keystone_user_ssl_ca_cert: chain.pem keystone_user_ssl_key: privkey.pem

You also need to make the following changes to group_vars/all/haproxy.yml

Change the following line in the keystone services: haproxy_balance_type: tcp

Then it starts to work correctly.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-02-28 10:58:06 -0500

Seen: 113 times

Last updated: Mar 06 '18