Bug 1385035

Summary: rhel-osp-director: Deploying OC with SSL : ERROR: <html><body><h1>504 Gateway Time-out</h1>
Product: Red Hat OpenStack Reporter: Alexander Chuzhoy <sasha>
Component: rhosp-directorAssignee: Ben Nemec <bnemec>
Status: CLOSED NOTABUG QA Contact: Omri Hochman <ohochman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 10.0 (Newton)CC: bnemec, dbecker, jslagle, mburns, morazi, rhel-osp-director-maint
Target Milestone: ga   
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-14 17:37:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alexander Chuzhoy 2016-10-14 15:17:03 UTC 
rhel-osp-director:   Deploying OC with SSL : ERROR: <html><body><h1>504 Gateway Time-out</h1>


Environment:
instack-undercloud-5.0.0-0.20160930175750.9d2a655.el7ost.noarch
openstack-puppet-modules-9.0.0-0.20160915155755.8c758d6.el7ost.noarch
openstack-tripleo-heat-templates-5.0.0-0.20161003064637.d636e3a.1.1.el7ost.noarch

Steps to reproduce:

1. Attempt to deploy overcloud with ssl:
openstack overcloud deploy --templates --control-scale 3 --compute-scale 1 --neutron-network-type vxlan --neutron-tunnel-types vxlan --ntp-server clock.redhat.com --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e network-environment.yaml -e /home/stack/ssl-heat-templates/environments/enable-tls.yaml -e /home/stack/ssl-heat-templates/environments/inject-trust-anchor.yaml -e /home/stack/ssl-heat-templates/environments/tls-endpoints-public-ip.yaml --ceph-storage-scale 1


The SSL certificate is self signed, IP based.


Result:

2016-10-14 14:30:02Z [overcloud.CephStorage.0.CephStorage]: CREATE_IN_PROGRESS  state changed
2016-10-14 14:30:02Z [overcloud.Controller.2.UserData]: CREATE_COMPLETE  state changed
2016-10-14 14:30:04Z [overcloud.Controller.2.Controller]: CREATE_IN_PROGRESS  state changed
ERROR: <html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>
Comment 1 James Slagle 2016-10-14 16:16:35 UTC 
ben, can you look into this one?
Comment 2 Alexander Chuzhoy 2016-10-14 17:36:28 UTC 
This actually happens if you:

1. deploy OC without "-e /home/stack/ssl-heat-templates/environments/tls-endpoints-public-ip.yam", i.e.:

 openstack overcloud deploy --templates --control-scale 3 --compute-scale 1 --neutron-network-type vxlan --neutron-tunnel-types vxlan --ntp-server clock.redhat.com --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e network-environment.yaml -e /home/stack/ssl-heat-templates/environments/enable-tls.yaml -e /home/stack/ssl-heat-templates/environments/inject-trust-anchor.yaml  --ceph-storage-scale 1

2. Remove the overcloud stack.
3. re-deploy the overcloud with:
openstack overcloud deploy --templates --control-scale 3 --compute-scale 1 --neutron-network-type vxlan --neutron-tunnel-types vxlan --ntp-server clock.redhat.com --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e network-environment.yaml -e /home/stack/ssl-heat-templates/environments/enable-tls.yaml -e /home/stack/ssl-heat-templates/environments/inject-trust-anchor.yaml -e /home/stack/ssl-heat-templates/environments/tls-endpoints-public-ip.yaml --ceph-storage-scale 1





If I deploy with the /home/stack/ssl-heat-templates/environments/tls-endpoints-public-ip.yaml from the beginning (as expected) - I don't see this issue.
Thanks.