Bug 1573497
| Summary: | Octavia healthmonitor HTTPS - haproxy backend has no server available | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Noam Manos <nmanos> | ||||||
| Component: | openstack-octavia | Assignee: | Nir Magnezi <nmagnezi> | ||||||
| Status: | CLOSED DUPLICATE | QA Contact: | Alexander Stafeyev <astafeye> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 13.0 (Queens) | CC: | astafeye, bperkins, cgoncalves, ihrachys, lpeer, majopela, nmanos, tfreger | ||||||
| Target Milestone: | --- | Keywords: | Triaged, ZStream | ||||||
| Target Release: | 14.0 (Rocky) | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2019-03-18 14:58:43 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Noam Manos
2018-05-01 14:17:48 UTC
Created attachment 1429182 [details]
Health Monitor HTTPS creation
(In reply to Noam Manos from comment #0) > Description of problem: > Creating Octavia healthmonitor type HTTPS - Loadbalancer service is > unavailable. > (When switching to healthmonitor of PING type, Loadbalancer works as > expected). > > > Version-Release number of selected component (if applicable): > OSP: 13 > Puddle: 2018-04-10.2 > > How reproducible: > Always > > > Steps to Reproduce: > > (tester) [stack@undercloud-0 ~]$ openstack loadbalancer healthmonitor create > --delay 5 --max-retries 4 --timeout 10 --type HTTPS pool1 --name > https_monitor > > > Actual results: > [root@amphora-9b983ed7-5a3b-4197-8981-1695cc8a0897 ~]# tail -f > /var/log/**/*.log > > > Broadcast message from > systemd-journald@amphora-9b983ed7-5a3b-4197-8981-1695cc8a0897 (Tue > 2018-05-01 07:38:47 EDT): > > haproxy[22916]: backend d001cc2c-a349-4495-a9b2-13b865676245 has no server > available! > > > Expected results: > > > Additional info: > Adding console output and amphora log. Please share your member creation command. (In reply to Noam Manos from comment #0) > Description of problem: > Creating Octavia healthmonitor type HTTPS - Loadbalancer service is > unavailable. > (When switching to healthmonitor of PING type, Loadbalancer works as > expected). > > > Version-Release number of selected component (if applicable): > OSP: 13 > Puddle: 2018-04-10.2 > > How reproducible: > Always > > > Steps to Reproduce: > > (tester) [stack@undercloud-0 ~]$ openstack loadbalancer healthmonitor create > --delay 5 --max-retries 4 --timeout 10 --type HTTPS pool1 --name > https_monitor > > > Actual results: > [root@amphora-9b983ed7-5a3b-4197-8981-1695cc8a0897 ~]# tail -f > /var/log/**/*.log > > > Broadcast message from > systemd-journald@amphora-9b983ed7-5a3b-4197-8981-1695cc8a0897 (Tue > 2018-05-01 07:38:47 EDT): > > haproxy[22916]: backend d001cc2c-a349-4495-a9b2-13b865676245 has no server > available! > > > Expected results: > > > Additional info: > Adding console output and amphora log. Pls add this flag to the member create command : --monitor-port <monitor_port> An alternate protocol port used for health monitoring a backend member.
vm_name=vm-rht-1
vm_port=443
int_subnet_id=$(openstack subnet show int_subnet -c id -f value)
vm_ip=10.0.0.219
(tester) [stack@undercloud-0 ~]$
openstack loadbalancer member create --name ${vm_name}_$vm_port --subnet $int_subnet_id --address $vm_ip --protocol-port $vm_port pool1 --monitor-port $vm_port
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| address | 10.0.0.219 |
| admin_state_up | True |
| created_at | 2018-05-02T15:38:28 |
| id | d8c8c27e-66a4-411f-b565-53927db29b97 |
| name | vm-rht-1_443 |
| operating_status | OFFLINE |
| project_id | f421dd896bcb47d28f692036f687fcd8 |
| protocol_port | 443 |
| provisioning_status | PENDING_CREATE |
| subnet_id | 34e5abbf-b084-40c0-8c62-846ae64968e0 |
| updated_at | None |
| weight | 1 |
| monitor_port | 443 |
| monitor_address | None |
+---------------------+--------------------------------------+
(tester) [stack@undercloud-0 ~]$ openstack loadbalancer member list pool1
+--------------------------------------+--------------+----------------------------------+---------------------+------------+---------------+------------------+--------+
| id | name | project_id | provisioning_status | address | protocol_port | operating_status | weight |
+--------------------------------------+--------------+----------------------------------+---------------------+------------+---------------+------------------+--------+
| 730bd43d-949d-43d1-a436-57a8366904ed | vm-rht-1 | f421dd896bcb47d28f692036f687fcd8 | ACTIVE | 10.0.0.219 | 80 | NO_MONITOR | 1 |
| 66add177-5369-43d1-b7f3-0798d124eaf8 | vm-rht-2 | f421dd896bcb47d28f692036f687fcd8 | ACTIVE | 10.0.0.214 | 80 | NO_MONITOR | 1 |
| d8c8c27e-66a4-411f-b565-53927db29b97 | vm-rht-1_443 | f421dd896bcb47d28f692036f687fcd8 | ACTIVE | 10.0.0.219 | 443 | OFFLINE | 1 |
+--------------------------------------+--------------+----------------------------------+---------------------+------------+---------------+------------------+--------+
(tester) [stack@undercloud-0 ~]$ curl $lb_fip:80; curl $lb_fip:443
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
(In reply to Alexander Stafeyev from comment #3) > > Pls add this flag to the member create command : > --monitor-port <monitor_port> > An alternate protocol port used for health monitoring > a backend member. Adding a new member with monitor-port=443 (and also protocol-port=443) did not resolve issue - still getting error 503 Service Unavailable. A workaround is to remove the HTTP pool, and create an HTTPS pool. Then the Load Balancer (10.0.0.216) redirects traffic: (tester) [stack@undercloud-0 ~]$ openstack loadbalancer pool create --name pool_https --loadbalancer LB --lb-algorithm ROUND_ROBIN --protocol HTTPS (tester) [stack@undercloud-0 ~]$ openstack loadbalancer member create pool_https --name vm-rht-1_80 --subnet $int_subnet_id --address 10.0.0.219 --protocol-port 80 [stack@undercloud-0 ~]$ curl 10.0.0.216:80 Apache PHP Web Server: Connected client: 10.0.0.212 Web server IP: 172.16.0.219 Web server port: 80 Host name: vm-rht-2 Operating system: Linux Release name: 3.10.0-862.el7.x86_64 Version information: #1 SMP Wed Mar 21 18:14:51 EDT 2018 Machine type: x86_64 (tester) [stack@undercloud-0 ~]$ curl 10.0.0.216:443 Apache PHP Web Server: Connected client: 10.0.0.212 Web server IP: 172.16.0.216 Web server port: 443 Host name: vm-rht-1 Operating system: Linux Release name: 3.10.0-862.el7.x86_64 Version information: #1 SMP Wed Mar 21 18:14:51 EDT 2018 Machine type: x86_64 (Attaching full console output) Created attachment 1432520 [details]
workaround_creating_https_pool
HTTP pool associated to a HTTPS listener is an invalid configuration. Validation of listener and pool protocols is being added at Octavia API level upstream and tracked in RHBZ #1668369. *** This bug has been marked as a duplicate of bug 1668369 *** |