Bug 1306399 - glance_registry haproxy config doesn't have any bind directive with an ssl enabled overcloud
glance_registry haproxy config doesn't have any bind directive with an ssl en...
Status: CLOSED NEXTRELEASE
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity high
: ---
: 12.0 (Pike)
Assigned To: Cyril Roelandt
Avi Avraham
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-10 12:39 EST by Marius Cornea
Modified: 2017-11-29 09:45 EST (History)
17 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-29 09:45:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marius Cornea 2016-02-10 12:39:55 EST
Description of problem:
glance_registry haproxy config doesn't have any bind directive with an ssl enabled overcloud:


Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-0.8.6-117.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
[root@overcloud-controller-0 ~]# grep -A 5 glance_registry /etc/haproxy/haproxy.cfg 
listen glance_registry
  server overcloud-controller-0 192.168.100.13:9191 check fall 5 inter 2000 rise 2
  server overcloud-controller-1 192.168.100.12:9191 check fall 5 inter 2000 rise 2
  server overcloud-controller-2 192.168.100.16:9191 check fall 5 inter 2000 rise 2
Comment 1 Giulio Fidente 2016-02-10 13:03:49 EST
I think glance-registry doesn't need to have an SSL binding because it's not user-facing service. It is only glance-api calling it.
Comment 2 Marius Cornea 2016-02-10 13:13:06 EST
The issue is that there's no binding that uses the internal api vip. The config files are set up with the local ips thus the glance registry requests don't get balanced:

[root@overcloud-controller-0 ~]# grep -A 5 glance_registry /etc/haproxy/haproxy.cfg 
listen glance_registry
  server overcloud-controller-0 192.168.100.13:9191 check fall 5 inter 2000 rise 2
  server overcloud-controller-1 192.168.100.12:9191 check fall 5 inter 2000 rise 2
  server overcloud-controller-2 192.168.100.16:9191 check fall 5 inter 2000 rise 2

[root@overcloud-controller-0 ~]# grep registry_host /etc/glance/*
/etc/glance/glance-api.conf:#registry_host=0.0.0.0
/etc/glance/glance-api.conf:registry_host=192.168.100.13
/etc/glance/glance-cache.conf:#registry_host=0.0.0.0
/etc/glance/glance-cache.conf:registry_host=192.168.100.13
/etc/glance/glance-scrubber.conf:#registry_host=0.0.0.0
Comment 3 Mike Burns 2016-04-07 17:07:13 EDT
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.
Comment 7 Amit Aviram 2016-11-23 09:45:49 EST
I believe you are asking the wrong person.. (I'm Amit Aviram, aaviram)

Note You need to log in before you can comment on or make changes to this bug.