Bug 1488355
| Summary: | ssl container setups hangs in heat db sync | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Attila Fazekas <afazekas> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Emilien Macchi <emacchi> |
| Status: | CLOSED DUPLICATE | QA Contact: | Gurenko Alex <agurenko> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 12.0 (Pike) | CC: | mburns, rhel-osp-director-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-09-05 08:24:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1486363 *** |
Description of problem: heat db sync forever tries to connect to the mysql vip, but haproxy is not running. 192.168.24.1:8787/rhosp12/openstack-haproxy-docker:2017-08-31.2 haproxy_init_bundle log contains errors like: Error: /Stage[main]/Haproxy/Haproxy::Instance[haproxy]/Haproxy::Config[haproxy]/Concat[/etc/haproxy/haproxy.cfg]/File[/etc/haproxy/haproxy.cfg]/content: change from {md5}1f337186b0e1ba5ee82760cb437fb810 to {md5}a2f2a8d54d1068d962337a23798234be failed: Execution of '/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg20170905-8-bg0qsd -c' returned 1: [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:26] : 'bind 10.0.0.101:13042' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:37] : 'bind 10.0.0.101:13776' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:48] : 'bind 10.0.0.101:13292' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:59] : 'bind 10.0.0.101:13041' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:77] : 'bind 10.0.0.101:13004' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:90] : 'bind 10.0.0.101:13005' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:103] : 'bind 10.0.0.101:13003' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:116] : 'bind 10.0.0.101:443' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:118] : 'bind 172.17.1.11:443' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:139] : 'bind 10.0.0.101:13000' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:160] : 'bind 10.0.0.101:13696' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:176] : 'bind 10.0.0.101:13080' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:186] : 'bind 10.0.0.101:13774' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:197] : 'bind 10.0.0.101:13778' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:208] : 'bind 10.0.0.101:13779' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:229] : 'bind 10.0.0.101:13386' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:237] : 'bind 10.0.0.101:13808' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'. [ALERT] 247/071151 (3236) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg20170905-8-bg0qsd [ALERT] 247/071151 (3236) : Proxy 'aodh': no SSL certificate specified for bind '10.0.0.101:13042' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:26] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'cinder': no SSL certificate specified for bind '10.0.0.101:13776' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:37] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'glance_api': no SSL certificate specified for bind '10.0.0.101:13292' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:48] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'gnocchi': no SSL certificate specified for bind '10.0.0.101:13041' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:59] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'heat_api': no SSL certificate specified for bind '10.0.0.101:13004' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:77] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'heat_cfn': no SSL certificate specified for bind '10.0.0.101:13005' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:90] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'heat_cloudwatch': no SSL certificate specified for bind '10.0.0.101:13003' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:103] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'horizon': no SSL certificate specified for bind '10.0.0.101:443' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:116] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'horizon': no SSL certificate specified for bind '172.17.1.11:443' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:118] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'keystone_public': no SSL certificate specified for bind '10.0.0.101:13000' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:139] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'neutron': no SSL certificate specified for bind '10.0.0.101:13696' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:160] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'nova_novncproxy': no SSL certificate specified for bind '10.0.0.101:13080' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:176] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'nova_osapi': no SSL certificate specified for bind '10.0.0.101:13774' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:186] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'nova_placement': no SSL certificate specified for bind '10.0.0.101:13778' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:197] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'panko': no SSL certificate specified for bind '10.0.0.101:13779' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:208] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'sahara': no SSL certificate specified for bind '10.0.0.101:13386' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:229] (use 'crt'). [ALERT] 247/071151 (3236) : Proxy 'swift_proxy_server': no SSL certificate specified for bind '10.0.0.101:13808' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:237] (use 'crt'). [ALERT] 247/071151 (3236) : Fatal errors found in configuration. Version-Release number of selected component (if applicable): 2017-08-31.3 openstack-tripleo-heat-templates-7.0.0-0.20170821194254.el7ost.noarch Similar settings work without ssl, also it worked without containers.