With review 42476 patched and below knobs in by instances.yml
contrail_configuration: METADATA_SSL_ENABLE: True
kolla_config: kolla_globals: metadata_ssl_enable: "yes" tls_bind_info_internal: "yes"
********************************************** ********************************************** **********************************************
I am hitting haproxy bring up error
TASK [haproxy : Copying over haproxy.cfg] ********************************************************************************************************************************************************** failed: [10.204.217.131] (item=/root/contrail-kolla-ansible/ansible/roles/haproxy/templates/haproxy.cfg.j2) => {"changed": false, "item": "/root/contrail-kolla-ansible/ansible/roles/haproxy/templates/haproxy.cfg.j2", "msg": "AnsibleError: template error while templating string: expected token ':', got '}'. String: {% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %}\n{% set tls_bind_info_internal = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal | bool else '' %}\n{% set tls_bind_info_nova_metadata = {{ tls_bind_info_internal }} if metadata_ssl_enable | bool else '' %}\nglobal\n chroot /var/lib/haproxy\n user haproxy\n group haproxy\n daemon\n{% if orchestration_engine != 'KUBERNETES' %}\n log {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ fluentd_syslog_port }} local1\n{% endif %}\n maxconn 4000\n stats socket /var/lib/kolla/haproxy/haproxy.sock\n{% if kolla_enable_tls_external | bool %}\n ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES\n ssl-default-bind-options no-sslv3 no-tlsv10\n tune.ssl.default-dh-param 4096\n{%
With review 42476 patched and below knobs in by instances.yml
contrail_ configuration: SSL_ENABLE: True
METADATA_
kolla_config: ssl_enable: "yes" bind_info_ internal: "yes"
kolla_globals:
metadata_
tls_
******* ******* ******* ******* ******* ******* **** ******* ******* ******* ******* ******* **** ******* ******* ******* ******* ******* ****
*******
*******
I am hitting haproxy bring up error
TASK [haproxy : Copying over haproxy.cfg] ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* root/contrail- kolla-ansible/ ansible/ roles/haproxy/ templates/ haproxy. cfg.j2) => {"changed": false, "item": "/root/ contrail- kolla-ansible/ ansible/ roles/haproxy/ templates/ haproxy. cfg.j2" , "msg": "AnsibleError: template error while templating string: expected token ':', got '}'. String: {% set tls_bind_info = 'ssl crt /etc/haproxy/ haproxy. pem' if kolla_enable_ tls_external | bool else '' %}\n{% set tls_bind_ info_internal = 'ssl crt /etc/haproxy/ haproxy- internal. pem' if kolla_enable_ tls_internal | bool else '' %}\n{% set tls_bind_ info_nova_ metadata = {{ tls_bind_ info_internal }} if metadata_ssl_enable | bool else '' %}\nglobal\n chroot /var/lib/haproxy\n user haproxy\n group haproxy\n daemon\n{% if orchestration_ engine != 'KUBERNETES' %}\n log {{ hostvars[ inventory_ hostname] ['ansible_ ' + api_interface] ['ipv4' ]['address' ] }}:{{ fluentd_syslog_port }} local1\n{% endif %}\n maxconn 4000\n stats socket /var/lib/ kolla/haproxy/ haproxy. sock\n{ % if kolla_enable_ tls_external | bool %}\n ssl-default- bind-ciphers DEFAULT: !MEDIUM: !3DES\n ssl-default- bind-options no-sslv3 no-tlsv10\n tune.ssl. default- dh-param 4096\n{%
failed: [10.204.217.131] (item=/