Bug 1234817 - HAProxy binds only on addresses from brctlplane network when using network isolation.
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ga
: Director
Assignee: Giulio Fidente
QA Contact: Marius Cornea
Depends On:
Reported: 2015-06-23 10:10 UTC by Marius Cornea
Modified: 2015-08-05 13:55 UTC

Fixed In Version: openstack-tripleo-heat-templates-0.8.6-14.el7ost
Doc Type: Bug Fix
Doc Text:
The HAProxy listener for Galera would bind on the ctlplane address. This meant clients could not reach the Galera service when using an Overcloud with network isolation. This fix changes the binding address of the HAProxy Galera listener to the VIP in the internal_api network. Clients now can reach the Galera service on Overclouds with network isolation.
Clone Of:
Last Closed: 2015-08-05 13:55:24 UTC
Target Upstream Version:

Attachments
controller (16.02 KB, text/plain), 2015-06-23 10:10 UTC, Marius Cornea
haproxy.cfg (3.55 KB, text/plain), 2015-06-23 10:54 UTC, Marius Cornea

System | ID | Priority | Status | Summary | Last Updated
OpenStack gerrit | 194624 | None | None | None | Never
OpenStack gerrit | 194639 | None | None | None | Never
Red Hat Product Errata | RHEA-2015:1549 | normal | SHIPPED_LIVE | Red Hat Enterprise Linux OpenStack Platform director Release | 2015-08-05 17:49:10 UTC

Description Marius Cornea 2015-06-23 10:10:34 UTC
Created attachment 1042204

Description of problem:
I'm deploying a 1 x controller and 1 x compute overcloud with network isolation (using the provided single-nic-vlans templates). Deployment fails because services are trying to access mysql by the VIP in the internal-API network. HAProxy is using the brctlplane IP to listen on port 3306 and the mariadb server listens on the local IP in the internal-API network, so services fail to access it by the VIP in the internal-API network.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Deploy 1 compute and 1 controller overcloud with network isolation

Actual results:
Deployment fails because services aren't able to access the db server.

Expected results:
Deployment is successful.

Additional info:
Attaching the controller configuration. vlan20 is the internalapi network.

Comment 3 Giulio Fidente 2015-06-23 10:28:15 UTC
this should be fixed by openstack-puppet-modules-2015.1.6-2.el7ost, can you check if the issue is still present with that version?

Comment 4 Giulio Fidente 2015-06-23 10:51:20 UTC
with updated version of OPM this is still failing due to:

  parsing [/etc/haproxy/haproxy.cfg:94] : 'server' : invalid address: 'backup'

from haproxy logs. The list of backend servers seems to be missing hostname from servers list, only has IP.

Comment 5 Marius Cornea 2015-06-23 10:54:14 UTC
Created attachment 1042243

Attaching haproxy.cfg.
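
The two failures reported above (a listener bound outside the internal API network, and a `server` line with no name, which makes HAProxy read `backup` as the address) can be caught by linting the generated config before deployment. This is an added example, not code from the bug or from tripleo-heat-templates; the sample config, all addresses, the server names and the `lint_haproxy` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the attached haproxy.cfg; every address and name is made up.
SAMPLE_CFG = """\
listen mysql
  bind 192.0.2.10:3306
  option httpchk
  server 172.16.20.11:3306 backup check fall 5 inter 2000 rise 2
listen keystone_public
  bind 172.16.20.5:5000
  server overcloud-controller-0 172.16.20.11:5000 check fall 5 inter 2000 rise 2
"""

def host_of(endpoint):
    """Host part of 'addr:port' (IPv4 or hostname, enough for this check)."""
    return endpoint.rsplit(":", 1)[0]

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_haproxy(cfg_text, expected_nets):
    """Return (line_no, section, problem) for the two failures in this bug.

    expected_nets maps a listener name to the CIDR its bind address must be in.
    """
    findings, section = [], None
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("listen", "frontend", "backend") and len(words) > 1:
            section = words[1]
        elif words[0] == "bind" and len(words) > 1 and section in expected_nets:
            net = ipaddress.ip_network(expected_nets[section])
            host = host_of(words[1])
            if is_ip(host) and ipaddress.ip_address(host) not in net:
                findings.append((no, section, f"bind {words[1]} is outside {net}"))
        elif words[0] == "server":
            # Syntax is 'server <name> <address>[:port] [options]'.
            if len(words) < 3 or is_ip(host_of(words[1])):
                findings.append((no, section, "server line has no name before the address"))
    return findings

if __name__ == "__main__":
    for finding in lint_haproxy(SAMPLE_CFG, {"mysql": "172.16.20.0/24"}):
        print(finding)
```
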

Comment 8 errata-xmlrpc 2015-08-05 13:55:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

