Bug 1455503
Summary: | external ip not correctly set for apache on 1+1 plus isolated ctlplane + external | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Eduard Barrera <ebarrera> |
Component: | openstack-tripleo-heat-templates | Assignee: | Emilien Macchi <emacchi> |
Status: | CLOSED NOTABUG | QA Contact: | Gurenko Alex <agurenko> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 10.0 (Newton) | CC: | aschultz, bfournie, mburns, pablo.iranzo, rhel-osp-director-maint, rob.w.crowe |
Target Milestone: | --- | Keywords: | ZStream |
Target Release: | 10.0 (Newton) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-27 17:18:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eduard Barrera
2017-05-25 11:05:54 UTC
I see a similar behavior. My external network is 9.0.0.0/16 and ports.conf is missing a "Listen 9.x.x.x:80" statement. ServiceNetMap: HorizonNetwork: external stack@dir-01:/etc/httpd/conf$ cat ports.conf # ************************************ # Listen & NameVirtualHost resources in module puppetlabs-apache # Managed by Puppet # ************************************ Listen 192.0.2.1:3000 Listen 192.0.2.1:35357 Listen 192.0.2.1:5000 Listen 192.0.2.1:8042 Listen 192.0.2.1:8774 Listen 192.0.2.1:8777 Listen 80 Actually I think my scenario is alittle different. The HAproxy rules are fine and list the external 9.x.x.x ip address its just httpd ports.conf that doesnt. So to the original bug, I don't think it's a valid configuration because Horizon does not proxy requests to the other endpoints so all services need to be on the same network as horizon for it to function correctly. Posting comments from Dan Sneddon when this issue was brought up on rhos-tech http://post-office.corp.redhat.com/archives/rhos-tech/2017-June/msg00253.html I think the issue is that you shouldn't be trying to put Horizon on the External network directly. Usually Horizon listens on the Internal API network, but HAProxy is configured to have a listener on the External network (which redirects to the Internal API network under normal circumstances). There are legacy reasons for this approach. Try using "ctlplane" for the Horizon network, and I think that might work better for you. Depending on which version you are using, it may not be possible to configure Horizon on the External network without also exposing the public APIs on the External network. Horizon runs largely inside the client browser, and makes direct API calls to the public APIs. I believe the newer versions perform SSL tunneling to prevent having to expose the APIs, but I'm not actually certain if that's been implemented. You should also check the final configuration to make sure that there aren't additional unwanted services listening on the External network due to the HAProxy config. Closing this based on Dan's comments. |