Bug 1419669
Summary: | [Director] No discussion of public VIP in SSL docs | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Ben Nemec <bnemec> |
Component: | documentation | Assignee: | Dan Macpherson <dmacpher> |
Status: | CLOSED NOTABUG | QA Contact: | RHOS Documentation Team <rhos-docs> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 10.0 (Newton) | CC: | bnemec, dhill, dmacpher, mburns, srevivo |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-03 21:59:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ben Nemec
2017-02-06 17:27:49 UTC
Hi Ben, So the information on the Public API VIP was in the SSL/TLS cert generation instructions in the Director Guide, but I felt they belongs in the Adv Overcloud Guide. So I made a split between the Undercloud and Overcloud SSL/TLS config, and moved the Overcloud cert generation to the Adv Overcloud Guide into the chapter you linked. The section relevant to this BZ is here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html/advanced_overcloud_customization/sect-enabling_ssltls_on_the_overcloud#Creating_an_SSL_TLS_Certificate_Signing_Request Set the commonName_default to one of the following: If using an IP to access over SSL/TLS, use the Virtual IP for the Public API. Set this VIP using the PublicVirtualFixedIPs parameter in an environment file. For more information, see Section 8.4, “Assigning Predictable Virtual IPs”. If using a fully qualified domain name to access over SSL/TLS, use the domain name instead. Section 8.4 is here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html/advanced_overcloud_customization/sect-controlling_node_placement#sect-Predictable_VIPs Was this what you were after? Any further requirements for this BZ? Okay, I'm not sure what I was looking at when I opened this. I thought I had searched the page for the parameter name, but clearly I didn't since it's there. The existing docs do look fine. This bug came out of a discussion I had with someone in the field where they had tried to do an ssl deployment without setting the public vip. I thought we determined that it was missing from the docs, but maybe we were looking at the wrong version or something? Anyway, docs are correct so closing the bug. |