Bug 1128457

Summary: Horizon dashboard -> Not Found
Product: Red Hat OpenStack Reporter: Tzach Shefi <tshefi>
Component: openstack-foreman-installerAssignee: Crag Wolfe <cwolfe>
Status: CLOSED ERRATA QA Contact: Ami Jeain <ajeain>
Severity: high Docs Contact:
Priority: high    
Version: 5.0 (RHEL 6)CC: aberezin, ajeain, aortega, dnavale, ichavero, jguiditt, jpichon, lhh, mburns, mmagr, morazi, mrunge, rhos-maint, sasha, tshefi, yeylon, yrabl
Target Milestone: ga   
Target Release: Installer   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-foreman-installer-2.0.20-1.el6ost Doc Type: Bug Fix
Doc Text:
Previously, horizon was not configured to allow requests for all FQDNs. As a result, OpenStack Dashboard would display 'Not Found' for the HA and non-HA controller node if the FQDN in the web request was not explicitly allowed in the Apache configuration. This update allows Apache to serve all requests to the Dashboard, regardless of the web address specified in the user's web request (URL) and Dashboard loads without errors.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-21 18:08:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The apache configuration file none

Description Tzach Shefi 2014-08-10 14:28:02 UTC 
Description of problem: Neutron vxlan none HA, two computes, deployment completed 100% without problems, but I have No dashboard, error -> file not found error, I can ping controller's public (10.35.X.X) leg from my laptop not a route issue, disabled firewall no luck, netstat shows open port 80.  Restarted service, even whole controller still now luck, trying to figure out my self will update on findings. 

Enabled Horizon log restarted service, log is empty. Maybe it's just my setup gone bad. 


Version-Release number of selected component (if applicable):
rhel-osp-installer-0.1.9-1.el6ost.noarch
foreman-installer-1.5.0-0.6.RC2.el6ost.noarch
openstack-foreman-installer-2.0.18-1.el6ost.noarch


How reproducible:
Not sure

Steps to Reproduce:
1.
2.
3.

Actual results:
No Horizon dashboard

Expected results:
Dashboard should be accessible 

Additional info:
Comment 2 Tzach Shefi 2014-08-10 14:38:36 UTC 
Setenforce 0 didn't help. 

This is /var/log/httpd/error_log, can't see errors or reason for problem. 

Tips welcomed, should I move this to Horizon bug or keep it under staypuft, not sure if installer related. 

[Sun Aug 10 11:28:30.135612 2014] [core:notice] [pid 16204] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Aug 10 11:28:30.152153 2014] [suexec:notice] [pid 16204] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Aug 10 11:28:30.161678 2014] [auth_digest:notice] [pid 16204] AH01757: generating secret for digest authentication ...
[Sun Aug 10 11:28:30.175690 2014] [mpm_prefork:notice] [pid 16204] AH00163: Apache/2.4.6 (Red Hat) mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Aug 10 11:28:30.175724 2014] [core:notice] [pid 16204] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Aug 10 13:22:23.474518 2014] [mpm_prefork:notice] [pid 16204] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 10 13:23:38.968010 2014] [core:notice] [pid 1104] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Aug 10 13:23:39.126330 2014] [suexec:notice] [pid 1104] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Aug 10 13:23:39.136116 2014] [auth_digest:notice] [pid 1104] AH01757: generating secret for digest authentication ...
[Sun Aug 10 13:23:39.141412 2014] [mpm_prefork:notice] [pid 1104] AH00163: Apache/2.4.6 (Red Hat) mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Aug 10 13:23:39.141434 2014] [core:notice] [pid 1104] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Aug 10 13:27:04.064025 2014] [mpm_prefork:notice] [pid 1104] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 10 13:27:05.412493 2014] [core:notice] [pid 5169] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Aug 10 13:27:05.423311 2014] [suexec:notice] [pid 5169] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Aug 10 13:27:05.433549 2014] [auth_digest:notice] [pid 5169] AH01757: generating secret for digest authentication ...
[Sun Aug 10 13:27:05.438329 2014] [mpm_prefork:notice] [pid 5169] AH00163: Apache/2.4.6 (Red Hat) mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Aug 10 13:27:05.438359 2014] [core:notice] [pid 5169] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Aug 10 14:18:50.731156 2014] [mpm_prefork:notice] [pid 5169] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 10 14:20:03.616538 2014] [core:notice] [pid 1177] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Aug 10 14:20:03.713063 2014] [suexec:notice] [pid 1177] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Aug 10 14:20:03.723011 2014] [auth_digest:notice] [pid 1177] AH01757: generating secret for digest authentication ...
[Sun Aug 10 14:20:03.727714 2014] [mpm_prefork:notice] [pid 1177] AH00163: Apache/2.4.6 (Red Hat) mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Aug 10 14:20:03.727738 2014] [core:notice] [pid 1177] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Aug 10 14:22:00.744990 2014] [mpm_prefork:notice] [pid 1177] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 10 14:22:02.139819 2014] [core:notice] [pid 4776] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Aug 10 14:22:02.151737 2014] [suexec:notice] [pid 4776] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Aug 10 14:22:02.161329 2014] [auth_digest:notice] [pid 4776] AH01757: generating secret for digest authentication ...
[Sun Aug 10 14:22:02.165722 2014] [mpm_prefork:notice] [pid 4776] AH00163: Apache/2.4.6 (Red Hat) mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Aug 10 14:22:02.165748 2014] [core:notice] [pid 4776] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Comment 4 Julie Pichon 2014-08-11 13:01:22 UTC 
Can you access the dashboard using localhost on the controller, e.g. with curl? Could you provide your apache configuration? (/etc/httpd/conf.d/openstack-dashboard.conf or maybe /etc/httpd/conf.d/15-horizon_vhost.conf) I wonder if this is related to the ServerAlias parameter, this reminds me of bug 1119920.
Comment 5 Julie Pichon 2014-08-12 08:26:17 UTC 
From another environment installed with Staypuft with the same issue, it seems to be the same cause, where the ServerAliases included in /etc/httpd/conf.d/15-horizon_vhost.conf don't include the URL or IP eventually used by the user, so Httpd doesn't forward the request to Horizon.

My suggestion would be to not include the ServerAliases at all, which was the previous behaviour. Packstack settled for using the wildcard '*' in bug 1119920.
Comment 6 Yogev Rabl 2014-08-12 11:03:06 UTC 
Created attachment 926036 [details]
The apache configuration file
Comment 7 Yogev Rabl 2014-08-12 11:08:58 UTC 
I've tried to add the wildcard * to the server aliases but got a "Bad Request 400" error in the browser.
Comment 8 Julie Pichon 2014-08-12 12:43:41 UTC 
As an addendum to comment 4, just removing the ServerAlias doesn't seem to work, but replacing the existing statements with ServerAlias * does fix it.

The error 400 is a separate issue and appears related to ALLOWED_HOSTS in /etc/openstack-dashboard/local_settings, I'm not sure why it returns an Apache error 400 instead of a 500 with the Horizon default error page. Setting ALLOWED_HOSTS to ['*'] (or, I guess, adding the IP/hostname one is using) and restarting httpd should resolve it.
Comment 9 Ami Jeain 2014-08-12 15:11:35 UTC 
modifying the files works only for few min, as after a while (didn't get a chance to debug it further), the files content return to previous content.
I had to modify the following 2 files:
1. /etc/openstack-dashboard/local_settings (ALLOWED_HOSTS = ['*'])
2. /etc/httpd/conf.d/15-horizon_vhost.conf (ServerAlias *)
Comment 10 Lon Hohberger 2014-08-12 15:31:41 UTC 
*** Bug 1129379 has been marked as a duplicate of this bug. ***
Comment 11 Lon Hohberger 2014-08-12 15:32:18 UTC 
Should this be assigned to openstack-puppet-modules, since it's apparently happening with packstack too?
Comment 12 Lon Hohberger 2014-08-12 15:33:10 UTC 
Hmm, appears as though packstack has a fix in packstack posted upstream, so perhaps this needs to be fixed in both places.
Comment 13 Ami Jeain 2014-08-12 16:01:29 UTC 
found out that the files have been "modified" after 30 min
Comment 14 Scott Seago 2014-08-12 16:12:41 UTC 
Looks like this may be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1129379

Crag -- I don't know if there's any quickstack work needed here, or if it's all upstream in openstack-puppet-modules
Comment 15 Crag Wolfe 2014-08-12 18:52:02 UTC 
Patch posted: https://github.com/redhat-openstack/astapor/pull/350
Comment 16 Mike Burns 2014-08-12 20:07:49 UTC 
(In reply to Scott Seago from comment #14)
> Looks like this may be a duplicate of
> https://bugzilla.redhat.com/show_bug.cgi?id=1129379
> 

That has a fix in packstack, not OPM, so we need the separate bug for OFI
Comment 17 Tzach Shefi 2014-08-13 06:43:05 UTC 
Hey Julie, 

Sorry for late replay, setup is gone by now, noticed Yogev tried your tip on #7. 

Per comment #11, as a further debugging step I also ran a packstack deployment later on that day, Horizon worked fine on it, forgot to mention on original bug posting.
Comment 18 Jason Guiditta 2014-08-13 13:04:58 UTC 
Merged
Comment 20 Alexander Chuzhoy 2014-08-14 14:38:17 UTC 
Verified:rhel-osp-installer-0.1.10-2.el6ost.noarch


Was able to login to the dashboard with no issues.
Comment 21 errata-xmlrpc 2014-08-21 18:08:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1090.html