Description of problem: os-cloud-config hardcodes the SSL port numbers which make it impossible to customize the SSL ports (BZ#1313855) Version-Release number of selected component (if applicable): os-net-config-0.2.0-1.el7ost.noarch How reproducible: 100% Steps to Reproduce: 1. Deploy SSL enabled overcloud with custom ports for the public API endpoints Actual results: Deployment fails with a connection refused message. The keystone endpoints are set to use the default ports but the services are actually binding on the custom ports. | keystone | identity | regionOne | | | | publicURL: https://rxtx.ro:13000/v2.0 | | | | internalURL: http://[fd00:fd00:fd00:2000::10]:5000/v2.0 | | | | adminURL: http://192.0.2.13:35357/v2.0 stack@instack:~>>> curl https://rxtx.ro:13000/v2.0 curl: (7) Failed connect to rxtx.ro:13000; Connection refused stack@instack:~>>> curl https://rxtx.ro:5000/v2.0 {"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "https://rxtx.ro:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}} Expected results: Deployment finishes.
https://review.openstack.org/#/c/299279/ will at least allow customization of keystone ports via os-cloud-config, but we still need a tripleoclient patch
James, there are three commits tracked for this BZ, being https://review.openstack.org/#/c/299475/ one of them, which is the change needed to tripleoclient. Would sure use some reviews :D
I see that the attached tripleoclient patches are not present downstream(python-tripleoclient-0.3.4-4.el7ost.noarch). Can they be picked so I proceed with the verification? Thanks
This bug is still ON_DEV, so not ready for testing yet, though I see that patches did land upstream. Just waiting on a backport of the changes to get a build done.
[stack@undercloud ~]$ source overcloudrc [stack@undercloud ~]$ openstack catalog list +------------+---------------+---------------------------------------------------------------------------------+ | Name | Type | Endpoints | +------------+---------------+---------------------------------------------------------------------------------+ | nova | compute | regionOne | | | | publicURL: https://172.16.18.25:8774/v2.1/ae1b02e100d144db97181a8835cdaf54 | | | | internalURL: http://10.0.0.10:8774/v2.1/ae1b02e100d144db97181a8835cdaf54 | | | | adminURL: http://10.0.0.10:8774/v2.1/ae1b02e100d144db97181a8835cdaf54 | | | | | | neutron | network | regionOne | | | | publicURL: https://172.16.18.25:9696/ | | | | internalURL: http://10.0.0.10:9696/ | | | | adminURL: http://10.0.0.10:9696/ | | | | | | cinderv2 | volumev2 | regionOne | | | | publicURL: https://172.16.18.25:8776/v2/ae1b02e100d144db97181a8835cdaf54 | | | | internalURL: http://10.0.0.10:8776/v2/ae1b02e100d144db97181a8835cdaf54 | | | | adminURL: http://10.0.0.10:8776/v2/ae1b02e100d144db97181a8835cdaf54 | | | | | | glance | image | regionOne | | | | publicURL: https://172.16.18.25:9292/ | | | | internalURL: http://10.0.0.138:9292/ | | | | adminURL: http://10.0.0.138:9292/ | | | | | | ceilometer | metering | regionOne | | | | publicURL: https://172.16.18.25:8777/ | | | | internalURL: http://10.0.0.10:8777/ | | | | adminURL: http://10.0.0.10:8777/ | | | | | | cinder | volume | regionOne | | | | publicURL: https://172.16.18.25:8776/v1/ae1b02e100d144db97181a8835cdaf54 | | | | internalURL: http://10.0.0.10:8776/v1/ae1b02e100d144db97181a8835cdaf54 | | | | adminURL: http://10.0.0.10:8776/v1/ae1b02e100d144db97181a8835cdaf54 | | | | | | heat | orchestration | regionOne | | | | publicURL: https://172.16.18.25:8004/v1/ae1b02e100d144db97181a8835cdaf54 | | | | internalURL: http://10.0.0.10:8004/v1/ae1b02e100d144db97181a8835cdaf54 | | | | adminURL: http://10.0.0.10:8004/v1/ae1b02e100d144db97181a8835cdaf54 | | | | | | swift | object-store | regionOne | | | | publicURL: https://172.16.18.25:8080/v1/AUTH_ae1b02e100d144db97181a8835cdaf54 | | | | internalURL: http://10.0.0.138:8080/v1/AUTH_ae1b02e100d144db97181a8835cdaf54 | | | | adminURL: http://10.0.0.138:8080/v1 | | | | | | keystone | identity | regionOne | | | | publicURL: https://172.16.18.25:5000/v2.0 | | | | internalURL: http://10.0.0.10:5000/v2.0 | | | | adminURL: http://192.168.0.17:35357/v2.0 | | | | | +------------+---------------+---------------------------------------------------------------------------------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1229