Bug 1433750
Summary: | Neutron uses the Nova API public endpoint which may not be always reachable from the node running the Neutron service | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Marius Cornea <mcornea> | |
Component: | openstack-tripleo-heat-templates | Assignee: | Brent Eagles <beagles> | |
Status: | CLOSED ERRATA | QA Contact: | Toni Freger <tfreger> | |
Severity: | high | Docs Contact: | ||
Priority: | medium | |||
Version: | 11.0 (Ocata) | CC: | amuller, aschultz, beagles, cylopez, dbecker, jlibosva, lmarsh, mburns, mcornea, morazi, rhel-osp-director-maint | |
Target Milestone: | z3 | Keywords: | TestOnly, Triaged, ZStream | |
Target Release: | 13.0 (Queens) | Flags: | lmarsh:
needinfo-
lmarsh: needinfo- |
|
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openstack-tripleo-heat-templates-8.0.0-0.20180215092255.el7.ost | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1537757 (view as bug list) | Environment: | ||
Last Closed: | 2018-11-13 22:26:39 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1537757 |
Description
Marius Cornea
2017-03-19 19:25:08 UTC
> Neutron API services are running on a different role than the controller running HAProxy where the public endpoints are binding. The Neutron role is not connected to the OSP-d External network since it runs internal only services and outgoing traffic to the External network from this role nodes is not allowed.
If the Neutron API service is running on a different role, it would be connected to the same external networks the controller nodes are, because users need to be able to reach the public Neutron API endpoint. In that case, Neutron will always have access to the public Nova API endpoint, regardless if it's on a separate node or not. What am I missing?
(In reply to Assaf Muller from comment #1) > > Neutron API services are running on a different role than the controller running HAProxy where the public endpoints are binding. The Neutron role is not connected to the OSP-d External network since it runs internal only services and outgoing traffic to the External network from this role nodes is not allowed. > > If the Neutron API service is running on a different role, it would be > connected to the same external networks the controller nodes are, because > users need to be able to reach the public Neutron API endpoint. In that > case, Neutron will always have access to the public Nova API endpoint, > regardless if it's on a separate node or not. What am I missing? The public Neutron API endpoint is exposed via HAProxy so the role which runs the Neutron API service doesn't need to be connected to the external network but it uses the internal_api network to reach the controller running HAProxy. I used this workaround in an environment file : parameter_defaults: NovaComputeExtraConfig: neutron::config::server_config: nova/endpoint_type: value: internal Sorry, it's on controller node so I wrote a mistake. Is this : parameter_defaults: controllerExtraConfig neutron::config::server_config: nova/endpoint_type: value: internal (In reply to Cyril Lopez from comment #5) > I used this workaround in an environment file : > > parameter_defaults: > NovaComputeExtraConfig: > neutron::config::server_config: > nova/endpoint_type: > value: internal According to our records, this should be resolved by openstack-tripleo-heat-templates-8.0.2-38.el7ost. This build is available now. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3587 |