Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1190284

Summary: Nova Compute talks to Cinder via Public URL
Product: Red Hat OpenStack Reporter: Jon Jozwiak <jjozwiak>
Component: openstack-foreman-installerAssignee: Crag Wolfe <cwolfe>
Status: CLOSED ERRATA QA Contact: Alexander Chuzhoy <sasha>
Severity: low Docs Contact:
Priority: unspecified    
Version: 5.0 (RHEL 7)CC: aberezin, christopher_dearborn, dmacpher, jguiditt, mburns, morazi, ohochman, rhos-maint, sasha, tytus.kurek, vcojot, yeylon
Target Milestone: z1Keywords: ZStream
Target Release: Installer   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: openstack-foreman-installer-3.0.15-1.el7ost Doc Type: Bug Fix
Doc Text:
Nova Compute interacted with Cinder on the Public URL. However, in some deployments, Nova Compute was not configured on the Public URL and therefore could not communicate with Cinder. This fix switches communication to the Internal URL.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 18:20:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Jozwiak 2015-02-06 21:29:00 UTC
Description of problem:

The RHEL OSP installer by default has nova compute talk to the Cinder API via the Public URL defined in Keystone.  In several deployments the public network is isolated and the compute nodes cannot talk to it.  The result is that cinder volumes would be created, but could not be attached to the instance.  /var/log/nova/nova-compute.log indicates the connection error.  

The OpenStack security guide (http://docs.openstack.org/security-guide/content/ch021_paste-and-middleware.html) recommends that nova communicate over internal URL rather than public.  This is achieved by modifying /etc/nova/nova.conf and setting the following parameter to internal: 

cinder_catalog_info='volume:cinder:internalURL'

The quickstack compute classes should be updated to use internal rather than public.  

Version-Release number of selected component (if applicable):
RHEL OSP 5 / RHEL OSP 6 

How reproducible:
Communication will fail in any deployment where compute nodes are isolated from the Public URL from Cinder.  

Steps to Reproduce:
1. Boot a nova instance 
2. Attach a cinder volume 


Actual results:
Cinder volume does not attach due to no communication to publicURL 

Expected results:
Nova communicates over internal URLs rather than public URLs.  

Additional info:

I believe for the Neutron host group this could be set in quickstack::compute_common just by adding a new configuration value like this: 

nova_config {
  'DEFAULT/cinder_catalog_info': value => 'volume:cinder:internalURL';
}

Alternatively this could be modified to allow a configurable parameter rather than hard coding the value.

Comment 5 Jason Guiditta 2015-02-11 14:28:46 UTC
Patch:
https://github.com/redhat-openstack/astapor/pull/477

Comment 6 Mike Burns 2015-02-12 22:01:18 UTC
To Verify:

check /etc/nova/nova.conf for this value:

cinder_catalog_info='volume:cinder:internalURL'

Comment 7 Jason Guiditta 2015-02-13 18:10:49 UTC
merged

Comment 9 Alexander Chuzhoy 2015-02-18 19:45:35 UTC
Verified:

Environment:
ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el7ost.noarch
rhel-osp-installer-client-0.5.5-5.el7ost.noarch
openstack-foreman-installer-3.0.16-1.el7ost.noarch
rhel-osp-installer-0.5.5-5.el7ost.noarch
ruby193-rubygem-staypuft-0.5.19-1.el7ost.noarch
openstack-puppet-modules-2014.2.8-2.el7ost.noarch

Based on comment #6:
[root@maca25400868096 ~]#  grep cinder_catalog_info= /etc/nova/nova.conf
cinder_catalog_info=volume:cinder:internalURL

Comment 11 errata-xmlrpc 2015-03-05 18:20:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0641.html

Comment 12 Chris Dearborn 2015-03-19 20:58:23 UTC
FYI, this will resolve the same problem that we were seeing at Dell.