Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1235624 - The VIP for keystone and horizon should not be on the control plane
The VIP for keystone and horizon should not be on the control plane
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
high Severity high
: ga
: Director
Assigned To: Dan Sneddon
Udi
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-25 06:58 EDT by Udi
Modified: 2015-08-05 09:56 EDT (History)
9 users (show)

See Also:
Fixed In Version: openstack-tripleo-heat-templates-0.8.6-19.el7ost
Doc Type: Bug Fix
Doc Text:
When deploying an Overcloud, the director placed the Public VIP services on the Provisioning network's "ctlplane". This meant you could not reach the horizon and keystone services from outside of the Overcloud. This fix patches the Heat templates to place the Public VIP on the External network.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-05 09:56:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1235476 None None None Never
OpenStack gerrit 195328 None None None Never
OpenStack gerrit 195722 None None None Never
Red Hat Product Errata RHEA-2015:1549 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform director Release 2015-08-05 13:49:10 EDT

  None (edit)
Description Udi 2015-06-25 06:58:37 EDT 
Description of problem:
The VIP for keystone and the GUI is on the control plane: export OS_AUTH_URL=http://192.0.2.14:5000/v2.0/

My deployment is on bare metals which are also on the 10.35.xxx.xxx network (and in addition it's a HA setup) - is there a way to have a VIP on that network without going through ssh tunnels from the undercloud? If I have to do it via the undercloud, the HA is worthless because as soon as the undercloud node goes down I'll have no way to get to the overcloud as well.


Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-0.8.6-15.el7ost.noarch


How reproducible:
100%


Steps to Reproduce:
1. I deployed with: openstack overcloud deploy --plan-uuid 30b02f2a-6ccc-4c10-ada4-7dfb93faf3ec --control-scale 3 --neutron-public-interface eth2 --network-cidr 192.168.0.0/16 --floating-ip-start 10.35.190.10 --floating-ip-end 10.35.190.50 --floating-id-cidr 10.35.190.0/24 --bm-network-gateway 10.35.190.254 --neutron-network-type gre --neutron-tunnel-type gre
Comment 3 Udi 2015-06-25 07:00:04 EDT 
Dan, is there a patch for this upstream/downstream?
Comment 4 Dan Sneddon 2015-06-25 13:46:10 EDT 
(In reply to Udi from comment #3)
> Dan, is there a patch for this upstream/downstream?

I'm pretty sure that this behavior is because of this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1235476

There is an upstream patch to fix that, and assuming it passes CI and gets some +2 reviews it should be merged downstream.
Comment 5 Marius Cornea 2015-06-26 12:19:52 EDT 
Verified Dan's patch and the public VIP gets created on the external network:
http://paste.openstack.org/show/321395/

I filed BZ#1236136 in regards to all keystone endpoints using the public VIP.
Comment 7 Leonid Natapov 2015-07-22 04:08:09 EDT 
openstack-tripleo-heat-templates-0.8.6-44.el7ost.noarch

keystone and horizon VIP are on external network.
Comment 9 errata-xmlrpc 2015-08-05 09:56:03 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.