Bug 1111656

Summary: Horizon puppet error for HA-all-in-one-controller
Product: Red Hat OpenStack Reporter: Crag Wolfe <cwolfe>
Component: openstack-foreman-installerAssignee: Crag Wolfe <cwolfe>
Status: CLOSED ERRATA QA Contact: Leonid Natapov <lnatapov>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 5.0 (RHEL 7)CC: acathrow, ajeain, lbezdick, mburns, morazi, ohochman, rhos-maint, yeylon
Target Milestone: ga   
Target Release: Installer   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-21 18:04:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Crag Wolfe 2014-06-20 16:13:35 UTC 
Description of problem:

Puppet error when attempting to deploy the HA-all-in-one-controller with include_horizon = true (does not happen with include_horizon = false).


Version-Release number of selected component (if applicable):

openstack-puppet-modules-2014.1-16.el7ost.noarch, astapor master


Additional info:

This was working recently -- need to check if packstack has updated the way it called horizon.


# puppet agent -tvd --trace
....
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Apache::Vhost[horizon_vhost]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this at /usr/share/openstack-puppet/modules/apache/manifests/vhost.pp:339 on node c1a1.example.com
Comment 1 Crag Wolfe 2014-06-23 15:15:54 UTC 
Narrowing down the issue.  We haven't changed the we are declaring ::horizon, but now the following in a standalone manifest breaks:

class{ '::horizon':
    bind_address          => '192.168.200.10',
    cache_server_ip       => '127.0.0.1',
    cache_server_port     => '11211',
    fqdn                  => ['192.168.201.93','192.168.201.94','192.168.201.95','c1a1.example.com','c1a1','localhost',],
    keystone_default_role => '_member_',
    keystone_host         => '192.168.201.35',
    horizon_cert          => '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
    horizon_key           => '/etc/pki/tls/private/PUB_HOST-horizon.key',
    horizon_ca            => '/etc/ipa/ca.crt',
    listen_ssl            => false,
    secret_key            => '',}

In the HA-all-in-one-controller, we want horizon to bind on the "backend" IP, which in this case is 192.168.200.10.  Haproxy is responsible for forwarding connections from 192.168.201.93 (and .94, .95) to 192.168.200.10 so  192.168.200.93 is the address the user would use in a browser.  Also, I've tried just using an fqdn of ['192.168.201.93'] but get the same result.  We have had to enumerate these fqdn's in the past to avoid security-related errors in the horizon UI.
Comment 2 Crag Wolfe 2014-06-24 01:29:24 UTC 
https://github.com/redhat-openstack/astapor/pull/284
Comment 9 Leonid Natapov 2014-08-12 16:16:49 UTC 
Didn't reproduce with staypuft.
Comment 10 errata-xmlrpc 2014-08-21 18:04:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1090.html