Bug 1467815

Summary: [Openstack-containers][OSP12]: Deployment with SSL requires to change the haproxy.yaml .
Product: Red Hat OpenStack Reporter: Omri Hochman <ohochman>
Component: openstack-tripleo-heat-templatesAssignee: Emilien Macchi <emacchi>
Status: CLOSED ERRATA QA Contact: Gurenko Alex <agurenko>
Severity: medium Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: bperkins, dciabrin, m.andre, mburns, rhallise, rhel-osp-director-maint, sasha, tvignaud
Target Milestone: betaKeywords: Triaged
Target Release: 12.0 (Pike)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-7.0.0-0.20170805163048.el7ost, puppet-tripleo-7.2.1-0.20170807233007.4600842.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-13 21:37:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Omri Hochman 2017-07-05 08:32:34 UTC 
[Openstack-containers][OSP12]: Deployment with SSL requires to change the haproxy.yaml . 

Environment:
-------------
openstack-tripleo-heat-templates-7.0.0-0.20170628002128.el7ost.noarch
haproxy-1.5.18-6.el7.x86_64
puppet-haproxy-1.5.1-0.20170526022021.49d6769.el7ost.noarch


Description :
--------------
It's required to change the haproxy.yaml in order to run a successful OSP12 deployment of containers with SSL.  


According to : https://review.openstack.org/#/c/473854/ 

haproxy needs the deployed SSL cert file to function when TLS is
enabled.

It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
Comment 4 Omri Hochman 2017-10-26 19:30:21 UTC 
unable to reproduce : 
OpenStack-12.0-RHEL-7 Puddle: 2017-10-24.3
Comment 7 errata-xmlrpc 2017-12-13 21:37:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462