Bug 1320950

Summary: os-cloud-config hardcodes SSL ports
Product: Red Hat OpenStack
Reporter: Marius Cornea <mcornea>
Component: rhosp-director
Assignee: Marius Cornea <mcornea>
Status: CLOSED ERRATA
QA Contact: Marius Cornea <mcornea>
Severity: high
Priority: unspecified
Version: 8.0 (Liberty)
CC: dbecker, jcoufal, jslagle, mburns, morazi, racedoro, rhel-osp-director-maint
Target Milestone: async
Target Release: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-heat-templates-0.8.14-8.el7ost os-cloud-config-0.4.1-2.el7ost python-tripleoclient-0.3.4-5.el7ost
Doc Type: Bug Fix
Last Closed: 2016-06-15 12:38:57 UTC
Type: Bug
Bug Blocks: 1313855

Description Marius Cornea 2016-03-24 10:55:51 UTC
Description of problem:
os-cloud-config hardcodes the SSL port numbers, which makes it impossible to customize the SSL ports (BZ#1313855).

Version-Release number of selected component (if applicable):
os-net-config-0.2.0-1.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Deploy SSL enabled overcloud with custom ports for the public API endpoints

Actual results:
Deployment fails with a connection refused message. The keystone endpoints are set to use the default ports but the services are actually binding on the custom ports.

| keystone   | identity      | regionOne                                                                                     |
|            |               |   publicURL: https://rxtx.ro:13000/v2.0                                                       |
|            |               |   internalURL: http://[fd00:fd00:fd00:2000::10]:5000/v2.0                                     |
|            |               |   adminURL: http://192.0.2.13:35357/v2.0    


stack@instack:~>>> curl https://rxtx.ro:13000/v2.0      
curl: (7) Failed connect to rxtx.ro:13000; Connection refused

stack@instack:~>>> curl https://rxtx.ro:5000/v2.0      
{"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "https://rxtx.ro:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}}
                                                 
Expected results:
Deployment finishes.
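
The mismatch shown in the actual results, expressed as a check. This is an added example, not part of the bug report or of os-cloud-config: it parses `openstack catalog list` table text and compares each publicURL port with the port the operator configured. The function names and the expected-port map are hypothetical, and the sample rows are constructed from the keystone entry above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the keystone rows from the failing catalog in this report.
SAMPLE_CATALOG = """\
| keystone   | identity      | regionOne                                   |
|            |               |   publicURL: https://rxtx.ro:13000/v2.0     |
|            |               |   internalURL: http://[fd00:fd00:fd00:2000::10]:5000/v2.0 |
|            |               |   adminURL: http://192.0.2.13:35357/v2.0
"""

ENDPOINT_RE = re.compile(r"^(publicURL|internalURL|adminURL):\s*(\S+)$")
DEFAULT_PORTS = {"http": 80, "https": 443}  # used when a URL carries no port


def parse_catalog(text):
    """Return {service: {interface: url}} from `openstack catalog list` table text."""
    catalog, service = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # borders (+---+), shell prompts, blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 3 or cells[0] == "Name":
            continue  # header row or a row that is not part of the table
        if cells[0]:
            service = cells[0]  # a non-empty first cell starts a new service
            catalog.setdefault(service, {})
        match = ENDPOINT_RE.match(cells[2])
        if match and service:
            catalog[service][match.group(1)] = match.group(2)
    return catalog


def public_port_mismatches(catalog, expected_ports):
    """List (service, advertised_port, expected_port) where the catalog disagrees."""
    mismatches = []
    for service, expected in sorted(expected_ports.items()):
        # A missing service or publicURL yields advertised=None and is reported.
        parts = urlsplit(catalog.get(service, {}).get("publicURL") or "")
        advertised = parts.port or DEFAULT_PORTS.get(parts.scheme)
        if advertised != expected:
            mismatches.append((service, advertised, expected))
    return mismatches


if __name__ == "__main__":
    # Assumed value: keystone's public API was configured to listen on 5000.
    print(public_port_mismatches(parse_catalog(SAMPLE_CATALOG), {"keystone": 5000}))
```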

Comment 3 James Slagle 2016-04-01 12:03:02 UTC
https://review.openstack.org/#/c/299279/ will at least allow customization of keystone ports via os-cloud-config, but we still need a tripleoclient patch

Comment 4 Juan Antonio Osorio 2016-04-06 08:11:10 UTC
James, there are three commits tracked for this BZ, one of them being https://review.openstack.org/#/c/299475/, which is the change needed to tripleoclient. Would sure use some reviews :D

Comment 5 Marius Cornea 2016-05-03 09:30:30 UTC
I see that the attached tripleoclient patches are not present downstream (python-tripleoclient-0.3.4-4.el7ost.noarch). Can they be picked so I can proceed with the verification? Thanks

Comment 6 Mike Burns 2016-05-03 16:54:03 UTC
This bug is still ON_DEV, so not ready for testing yet, though I see that patches did land upstream.  Just waiting on a backport of the changes to get a build done.

Comment 8 Marius Cornea 2016-06-02 15:05:08 UTC
[stack@undercloud ~]$ source overcloudrc
[stack@undercloud ~]$ openstack catalog list
+------------+---------------+---------------------------------------------------------------------------------+
| Name       | Type          | Endpoints                                                                       |
+------------+---------------+---------------------------------------------------------------------------------+
| nova       | compute       | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8774/v2.1/ae1b02e100d144db97181a8835cdaf54    |
|            |               |   internalURL: http://10.0.0.10:8774/v2.1/ae1b02e100d144db97181a8835cdaf54      |
|            |               |   adminURL: http://10.0.0.10:8774/v2.1/ae1b02e100d144db97181a8835cdaf54         |
|            |               |                                                                                 |
| neutron    | network       | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:9696/                                         |
|            |               |   internalURL: http://10.0.0.10:9696/                                           |
|            |               |   adminURL: http://10.0.0.10:9696/                                              |
|            |               |                                                                                 |
| cinderv2   | volumev2      | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8776/v2/ae1b02e100d144db97181a8835cdaf54      |
|            |               |   internalURL: http://10.0.0.10:8776/v2/ae1b02e100d144db97181a8835cdaf54        |
|            |               |   adminURL: http://10.0.0.10:8776/v2/ae1b02e100d144db97181a8835cdaf54           |
|            |               |                                                                                 |
| glance     | image         | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:9292/                                         |
|            |               |   internalURL: http://10.0.0.138:9292/                                          |
|            |               |   adminURL: http://10.0.0.138:9292/                                             |
|            |               |                                                                                 |
| ceilometer | metering      | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8777/                                         |
|            |               |   internalURL: http://10.0.0.10:8777/                                           |
|            |               |   adminURL: http://10.0.0.10:8777/                                              |
|            |               |                                                                                 |
| cinder     | volume        | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8776/v1/ae1b02e100d144db97181a8835cdaf54      |
|            |               |   internalURL: http://10.0.0.10:8776/v1/ae1b02e100d144db97181a8835cdaf54        |
|            |               |   adminURL: http://10.0.0.10:8776/v1/ae1b02e100d144db97181a8835cdaf54           |
|            |               |                                                                                 |
| heat       | orchestration | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8004/v1/ae1b02e100d144db97181a8835cdaf54      |
|            |               |   internalURL: http://10.0.0.10:8004/v1/ae1b02e100d144db97181a8835cdaf54        |
|            |               |   adminURL: http://10.0.0.10:8004/v1/ae1b02e100d144db97181a8835cdaf54           |
|            |               |                                                                                 |
| swift      | object-store  | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:8080/v1/AUTH_ae1b02e100d144db97181a8835cdaf54 |
|            |               |   internalURL: http://10.0.0.138:8080/v1/AUTH_ae1b02e100d144db97181a8835cdaf54  |
|            |               |   adminURL: http://10.0.0.138:8080/v1                                           |
|            |               |                                                                                 |
| keystone   | identity      | regionOne                                                                       |
|            |               |   publicURL: https://172.16.18.25:5000/v2.0                                     |
|            |               |   internalURL: http://10.0.0.10:5000/v2.0                                       |
|            |               |   adminURL: http://192.168.0.17:35357/v2.0                                      |
|            |               |                                                                                 |
+------------+---------------+---------------------------------------------------------------------------------+

Comment 10 errata-xmlrpc 2016-06-15 12:38:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1229