Bug 2034177

Summary: The [keystone_authtoken] www_authenticate_uri parameter in glance-api.conf is set with an invalid url
Product: Red Hat OpenStack Reporter: Takashi Kajinami <tkajinam>
Component: openstack-tripleo-heat-templatesAssignee: OSP Team <rhos-maint>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: high Docs Contact:
Priority: high    
Version: 16.1 (Train)CC: drosenfe, mburns, ramishra
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-11.3.2-1.20220111063405.29a02c1.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-24 11:02:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2037439    

Description Takashi Kajinami 2021-12-20 10:26:01 UTC 
Description of problem:

It was found that the [keystone_authtoken] www_authenticate_uri parameter points to 127.0.0.1 instead of the actual endpoint url with vip.

/var/lib/config-data/puppet-generated/glance_api/etc/glance/glance-api.conf
~~~
[keystone_authtoken]
www_authenticate_uri=http://127.0.0.1:5000
~~~


Version-Release number of selected component (if applicable):
This issue was initially found in RHOSP16.1.6

How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud
2. Check glance-api.conf in overcloud controllers

Actual results:
www_authenticate_uri points to 127.0.0.1

Expected results:
www_authenticate_url points to vip of internal_api network


Additional info:
Comment 1 Takashi Kajinami 2021-12-20 10:26:57 UTC 
It seems we should backport https://review.opendev.org/c/openstack/tripleo-heat-templates/+/704238 to stable/train and RHOSP16.1.

I've proposed stable/train backport as https://review.opendev.org/c/openstack/tripleo-heat-templates/+/822243 .
Comment 2 Takashi Kajinami 2021-12-21 00:22:54 UTC 
It turned out usage of internal endpoint is still incorrect and we should use public endpoint.
I've reported a different bug for that.
 https://bugzilla.redhat.com/show_bug.cgi?id=2034203

Maybe we should close this and continue in the above bug.
Comment 8 David Rosenfeld 2022-01-31 15:54:15 UTC 
www_authenticate_uri points to vip of internal network. Below is found in: /var/lib/config-data/puppet-generated/glance_api/etc/glance/glance-api.conf

www_authenticate_uri=http://192.168.24.3:5000
Comment 15 errata-xmlrpc 2022-03-24 11:02:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.8 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0986