Bug 1384168

Summary: Using generate_service_certificate and undercloud_public_vip in undercloud.conf breaks nova
Product: Red Hat OpenStack Reporter: Jason E. Rist <jrist>
Component: openstack-tripleoAssignee: Eoghan Glynn <eglynn>
Status: CLOSED WONTFIX QA Contact: Arik Chernetsky <achernet>
Severity: high Docs Contact:
Priority: high    
Version: 10.0 (Newton)CC: dtrainor, mburns, mcornea, rhel-osp-director-maint
Target Milestone: ---   
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-13 05:59:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jason E. Rist 2016-10-12 17:24:00 UTC 
Cloned from launchpad bug 1632538.

Description:

Enabling SSL on the Undercloud using generate_service_certificate results in all Nova services on the undercloud (api, cert, compute, conductor, scheduler), all failing with errors similar to the following:

2016-10-11 22:28:27.327 66082 CRITICAL nova [req-b5f37af3-96fc-42e2-aaa6-52815aca07fe - - - - -] ConfigFileValueError: Value for option url is not valid: invalid URI: 'https://rdo-ci-fx2-06-s5.v103.rdoci.lab.eng.rdu.redhat.com:13696'
2016-10-11 22:28:27.327 66082 ERROR nova Traceback (most recent call last):
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/bin/nova-cert", line 10, in <module>
2016-10-11 22:28:27.327 66082 ERROR nova     sys.exit(main())
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/nova/cmd/cert.py", line 49, in main
2016-10-11 22:28:27.327 66082 ERROR nova     service.wait()
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/nova/service.py", line 415, in wait
2016-10-11 22:28:27.327 66082 ERROR nova     _launcher.wait()
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 328, in wait
2016-10-11 22:28:27.327 66082 ERROR nova     status, signo = self._wait_for_exit_or_signal()
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 303, in _wait_for_exit_or_signal
2016-10-11 22:28:27.327 66082 ERROR nova     self.conf.log_opt_values(LOG, logging.DEBUG)
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2630, in log_opt_values
2016-10-11 22:28:27.327 66082 ERROR nova     _sanitize(opt, getattr(group_attr, opt_name)))
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 3061, in __getattr__
2016-10-11 22:28:27.327 66082 ERROR nova     return self._conf._get(name, self._group)
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2672, in _get
2016-10-11 22:28:27.327 66082 ERROR nova     value = self._do_get(name, group, namespace)
2016-10-11 22:28:27.327 66082 ERROR nova   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2715, in _do_get
2016-10-11 22:28:27.327 66082 ERROR nova     % (opt.name, str(ve)))
2016-10-11 22:28:27.327 66082 ERROR nova ConfigFileValueError: Value for option url is not valid: invalid URI: 'https://rdo-ci-fx2-06-s5.v103.rdoci.lab.eng.rdu.redhat.com:13696'
2016-10-11 22:28:27.327 66082 ERROR nova 

I believe the failure happens inside the [neutron] section of /etc/nova/nova.conf.  

This does not look related to the scheme (https) being used as the result of enabling SSL because doing a one-off test with the openstack-nova-conductor service after changing the schema to http results in the same startup failure.

Another one-off test substituting an IP address instead of a FQDN inside of nova.conf with the openstack-nova-conductor service as before results in openstack-nova-conductor starting properly but eventually failing with a connection-related failure due to the one-off data used (an IP address of 1.2.3.4).

Specification URL (additional information):

https://bugs.launchpad.net/tripleo/+bug/1632538
Comment 1 Dan Trainor 2016-10-13 05:58:53 UTC 
This appears to be caused by an outdated python-rfc3986 package.  Going to push to have that package updated.