1467815 – [Openstack-containers][OSP12]: Deployment with SSL requires to change the haproxy.yaml .

Bug 1467815 - [Openstack-containers][OSP12]: Deployment with SSL requires to change the haproxy.yaml .

Summary: [Openstack-containers][OSP12]: Deployment with SSL requires to change the hap...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	12.0 (Pike)
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	beta
Target Release:	12.0 (Pike)
Assignee:	Emilien Macchi
QA Contact:	Gurenko Alex
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-05 08:32 UTC by Omri Hochman
Modified:	2018-02-05 19:10 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-7.0.0-0.20170805163048.el7ost, puppet-tripleo-7.2.1-0.20170807233007.4600842.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-13 21:37:25 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	473854	None	None	None	2017-07-05 08:49:03 UTC
OpenStack gerrit	482102	None	None	None	2017-07-10 13:45:37 UTC
OpenStack gerrit	482135	None	None	None	2017-07-10 13:43:54 UTC
Red Hat Product Errata	RHEA-2017:3462	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 12.0 Enhancement Advisory	2018-02-16 01:43:25 UTC

Description Omri Hochman 2017-07-05 08:32:34 UTC

[Openstack-containers][OSP12]: Deployment with SSL requires to change the haproxy.yaml . 

Environment:
-------------
openstack-tripleo-heat-templates-7.0.0-0.20170628002128.el7ost.noarch
haproxy-1.5.18-6.el7.x86_64
puppet-haproxy-1.5.1-0.20170526022021.49d6769.el7ost.noarch


Description :
--------------
It's required to change the haproxy.yaml in order to run a successful OSP12 deployment of containers with SSL.  


According to : https://review.openstack.org/#/c/473854/ 

haproxy needs the deployed SSL cert file to function when TLS is
enabled.

It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.

Comment 4 Omri Hochman 2017-10-26 19:30:21 UTC

unable to reproduce : 
OpenStack-12.0-RHEL-7 Puddle: 2017-10-24.3

Comment 7 errata-xmlrpc 2017-12-13 21:37:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462

Note You need to log in before you can comment on or make changes to this bug.