Bug 1276353 - CFME should not use OpenStack adminURL endpoints for any services
CFME should not use OpenStack adminURL endpoints for any services
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers (Show other bugs)
5.4.0
Unspecified Unspecified
high Severity high
: GA
: 5.4.4
Assigned To: Greg Blomquist
Jan Krocil
: ZStream
Depends On: 1276118
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-29 10:13 EDT by Chris Pelland
Modified: 2015-12-16 08:19 EST (History)
10 users (show)

See Also:
Fixed In Version: 5.4.4.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1276118
Environment:
Last Closed: 2015-12-16 08:19:05 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Pelland 2015-10-29 10:13:03 EDT
+++ This bug was initially created as a clone of Bug #1276118 +++

Description of problem:

If OpenStack is configured to have it's adminURL endpoints for services on a private network (or otherwise inaccessible to CFME), then CFME will fail to collect inventory.

I've been told by OSP developers that as of OSP7, external access to the adminURL endpoints is off limits and is explicitly blocked.

Steps to Reproduce:
1. Setup OSP7 with adminURL service endpoints on a private network
2. Connect CFME to the OSP7 environment
3. Attempt to gather inventory from OSP7

Actual results:

CFME fails to gather inventory.  The error in the log will reflect the type of networking problem encountered.  Usually, "No route to host".

Expected results:

CFME successfully collects inventory from OSP7.

--- Additional comment from Greg Blomquist on 2015-10-28 15:10:12 EDT ---

https://github.com/ManageIQ/manageiq/pull/5169

--- Additional comment from CFME Bot on 2015-10-28 15:55:52 EDT ---

New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/72d6d7794f0ac06ad85058f99414cd9a27414c88

commit 72d6d7794f0ac06ad85058f99414cd9a27414c88
Author:     Greg Blomquist <gblomqui@redhat.com>
AuthorDate: Wed Oct 28 14:55:40 2015 -0400
Commit:     Greg Blomquist <gblomqui@redhat.com>
CommitDate: Wed Oct 28 14:55:40 2015 -0400

    Stop using adminURL OSP service endpoints
    
    Fog defaults to using adminURL OSP service endpoints for some services.  A blind
    grep of Fog code shows the following:
    
    > identity_v2.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > identity_v3.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v1.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v2.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > metering.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > planning.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > volume.rb:      @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    
    By explicitly setting the openstack_endpoint_type to 'publicURL', manageIQ will
    always use the publicURL for all connections to any OpenStack Service Endpoint.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1276118

 gems/pending/openstack/openstack_handle/handle.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- Additional comment from Oleg Barenboim on 2015-10-29 10:11:56 EDT ---

Please create MR on downstream 5.5
Comment 1 CFME Bot 2015-11-12 15:20:09 EST
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=24908430af1ca6ee6d12266b3fe27ddd42882eca

commit 24908430af1ca6ee6d12266b3fe27ddd42882eca
Author:     Greg Blomquist <gblomqui@redhat.com>
AuthorDate: Wed Oct 28 14:55:40 2015 -0400
Commit:     Greg Blomquist <gblomqui@redhat.com>
CommitDate: Tue Nov 10 16:41:16 2015 -0500

    Stop using adminURL OSP service endpoints
    
    Fog defaults to using adminURL OSP service endpoints for some services.  A blind
    grep of Fog code shows the following:
    
    > identity_v2.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > identity_v3.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v1.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v2.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > metering.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > planning.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > volume.rb:      @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    
    By explicitly setting the openstack_endpoint_type to 'publicURL', manageIQ will
    always use the publicURL for all connections to any OpenStack Service Endpoint.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1276118
    https://bugzilla.redhat.com/show_bug.cgi?id=1276353

 lib/openstack/openstack_handle/handle.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
Comment 2 CFME Bot 2015-11-12 15:20:59 EST
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=f1cf151a52faf1301d3f11fd117ae362d9eadfbe

commit f1cf151a52faf1301d3f11fd117ae362d9eadfbe
Merge: acee802 2490843
Author:     Jason Frey <jfrey@redhat.com>
AuthorDate: Wed Nov 11 16:18:07 2015 -0500
Commit:     Jason Frey <jfrey@redhat.com>
CommitDate: Wed Nov 11 16:18:07 2015 -0500

    Merge branch 'bz1276353-os-use-public-endpoints' into '5.4.z'
    
    Stop using adminURL OSP service endpoints
    
    Fog defaults to using adminURL OSP service endpoints for some services.  A blind
    grep of Fog code shows the following:
    
    > identity_v2.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > identity_v3.rb: @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v1.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > image_v2.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > metering.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > planning.rb:    @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    > volume.rb:      @openstack_endpoint_type  = options[:openstack_endpoint_type] || 'adminURL'
    
    By explicitly setting the openstack_endpoint_type to 'publicURL', manageIQ will
    always use the publicURL for all connections to any OpenStack Service Endpoint.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1276118
    https://bugzilla.redhat.com/show_bug.cgi?id=1276353
    
    Upstream: https://github.com/ManageIQ/manageiq/pull/5169
    
    See merge request !397

 lib/openstack/openstack_handle/handle.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
Comment 4 Jan Krocil 2015-12-09 07:58:31 EST
Verified fixed in 5.4.4.2 - 5.4.4.2.20151130143928_89a28ce.
Comment 6 errata-xmlrpc 2015-12-16 08:19:05 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2620.html

Note You need to log in before you can comment on or make changes to this bug.