Bug 1705904

Summary: Cannot create non-terminated HTTPS load-balancer from Horizon
Product: Red Hat OpenStack
Reporter: David Gurtner <dgurtner>
Component: openstack-octavia-ui
Assignee: Assaf Muller <amuller>
Status: CLOSED DUPLICATE
QA Contact: Bruna Bonguardo <bbonguar>
Severity: unspecified
Priority: unspecified
Version: 13.0 (Queens)
CC: cgoncalves, dgurtner, ihrachys, lpeer, majopela, nchandek, scohen, tfreger
Last Closed: 2019-05-07 11:34:51 UTC
Type: Bug
Attachments:
- Octavia Loadbalancer creation UI with HTTPS option missing (flags: none)

Description David Gurtner 2019-05-03 08:00:06 UTC
Created attachment 1562241
Octavia Loadbalancer creation UI with HTTPS option missing

Description of problem:

It is not possible to create a non-terminated HTTPS loadbalancer from Horizon.

HTTPS is missing from the protocol dropdown (compare attached picture).

Only TCP, HTTP and TERMINATED_HTTPS are listed, and TERMINATED_HTTPS is grayed out, as it's not supported[1], and as is covered in BZ #1686883.


In a bit more detail:

Octavia knows different protocols for Loadbalancer, specifically:
- TCP
- HTTP
- HTTPS
- TERMINATED_HTTPS

The first 3, i.e. TCP, HTTP and HTTPS are supported according to documentation[1]. They can be used successfully from the command-line.

In the case of HTTPS the commands are something like this:
openstack loadbalancer create --name lb1 --vip-subnet-id default
# Re-run the following until lb1 shows ACTIVE and ONLINE statuses:
openstack loadbalancer show lb1
openstack loadbalancer listener create --name listener1 --protocol HTTPS --protocol-port 443 lb1
openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPS
openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type HTTPS --url-path /healthcheck pool1
openstack loadbalancer member create --subnet-id default --address 10.0.0.3 --protocol-port 443 pool1

This will launch an Amphora VM with an HAProxy backend, with the following config:
# Configuration for lb1
global
    daemon
    user nobody
    log /dev/log local0
    log /dev/log local1 notice
    stats socket /var/lib/octavia/3b136b4e-3348-4a8f-bcff-522326cada12.sock mode 0666 level user
    maxconn 1000000

defaults
    log global
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000



frontend 3b136b4e-3348-4a8f-bcff-522326cada12
    option tcplog
    maxconn 1000000
    bind 10.0.0.8:443
    mode tcp
    default_backend 6a7f7b60-4a0f-4674-b982-127bc86cb258

backend 6a7f7b60-4a0f-4674-b982-127bc86cb258
    mode tcp
    balance roundrobin
    timeout check 10s
    option httpchk GET /healthcheck
    http-check expect rstatus 200
    fullconn 1000000
    server da07b1b7-aecb-4d46-b06e-6d23639016fe 10.0.0.3:443 weight 1 check check-ssl verify none inter 5s fall 3 rise 4



This is different from using TCP or HTTP. In the case of TCP, the healthcheck options "option httpchk GET /healthcheck" and "http-check expect rstatus 200" are missing. In the case of HTTP, there are no "check-ssl verify none" options in the server lines. Consequently, HTTPS is different and required.


[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/networking_guide/sec-octavia#octavia_limitations


Version-Release number of selected component (if applicable):

Containers:
- Horizon: registry.access.redhat.com/rhosp13/openstack-horizon:13.0-67
- Octavia Housekeeping: registry.access.redhat.com/rhosp13/openstack-octavia-housekeeping:13.0-68
- Octavia API: registry.access.redhat.com/rhosp13/openstack-octavia-api:13.0-66
- Octavia Worker: registry.access.redhat.com/rhosp13/openstack-octavia-worker:13.0-68
- Octavia Healthmanager: registry.access.redhat.com/rhosp13/openstack-octavia-health-manager:13.0-68

Amphora:
- octavia-amphora-image-x86_64-13.0-20190418.1.el7ost.noarch


How reproducible:
always


Steps to Reproduce:
1. Deploy OSP13 with Octavia (and in my case Barbican, but I don't think that has an impact).
2. Connect to Horizon and try to launch a Loadbalancer

Actual results:
Only TCP and HTTP can be selected as protocols.

Expected results:
TCP, HTTP and HTTPS protocols can be selected.

Additional info:
This is not about the TERMINATED_HTTPS protocol, which is a separate BZ #1686883
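
Added example (not part of the original report and not Octavia code): a small audit of HAProxy backend sections that tells the three pool types apart by the health-check differences described above, and lists members whose TLS health check runs with "verify none", i.e. without validating the member's certificate. The function name `audit_backends` and the result keys are hypothetical; the HTTP and TCP variants are constructed from the report's description, and the TCP variant is assumed to carry no check-ssl either.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

# Backend section copied from the HAProxy config in the report above.
HTTPS_POOL = """\
backend 6a7f7b60-4a0f-4674-b982-127bc86cb258
    mode tcp
    balance roundrobin
    timeout check 10s
    option httpchk GET /healthcheck
    http-check expect rstatus 200
    fullconn 1000000
    server da07b1b7-aecb-4d46-b06e-6d23639016fe 10.0.0.3:443 weight 1 check check-ssl verify none inter 5s fall 3 rise 4
"""
# Constructed variants (not captured from an amphora), built from the
# differences the report describes: HTTP drops "check-ssl verify none",
# TCP drops the httpchk lines (assumed here to have no check-ssl either).
HTTP_POOL = HTTPS_POOL.replace(" check-ssl verify none", "")
TCP_POOL = "\n".join(ln for ln in HTTP_POOL.splitlines()
                     if "httpchk" not in ln and "http-check" not in ln) + "\n"


def audit_backends(config):
    """Map each backend name to its health-check type and unverified-TLS members."""
    report, cur = {}, None
    for line in config.splitlines():
        words = line.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            # A section keyword ends the previous section; only backends are tracked.
            cur = None
            if words[0] == "backend" and len(words) > 1:
                cur = report.setdefault(words[1], {"httpchk": False, "ssl": [], "unverified": []})
            continue
        if cur is None:
            continue
        if words[:2] == ["option", "httpchk"]:
            cur["httpchk"] = True
        elif words[0] == "server" and len(words) > 2:
            name, params = words[1], words[3:]
            if "check-ssl" in params:
                cur["ssl"].append(name)
                # An explicit "verify none" disables certificate validation.
                if ("verify", "none") in zip(params, params[1:]):
                    cur["unverified"].append(name)
    for b in report.values():
        b["check"] = "tcp" if not b["httpchk"] else "https" if b["ssl"] else "http"
    return report
```

Run against the configuration on an amphora, a non-empty "unverified" list shows which members are health-checked over TLS without certificate validation.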

Comment 2 Carlos Goncalves 2019-05-07 11:28:21 UTC
HTTPS was added to the Octavia dashboard in the Rocky cycle: https://review.opendev.org/#/c/542075/

Comment 3 Carlos Goncalves 2019-05-07 11:34:51 UTC
The team has been working on backporting several dashboard features only available starting in OSP 14/Rocky to OSP 13/Queens. Part of that effort includes the backport of https://review.opendev.org/#/c/542075/. As such, I'll close this RHBZ as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1698467

*** This bug has been marked as a duplicate of bug 1698467 ***