Bug 1452677 - overcloud heat metadata endpoints are incorrectly set to localhost
Summary: overcloud heat metadata endpoints are incorrectly set to localhost
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-heat
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: z4
: 10.0 (Newton)
Assignee: Zane Bitter
QA Contact: Amit Ugol
URL:
Whiteboard:
: 1316072 1425189 (view as bug list)
Depends On:
Blocks: 1335596 1356451 1456909
TreeView+ depends on / blocked
 
Reported: 2017-05-19 13:07 UTC by David Gurtner
Modified: 2017-09-06 17:13 UTC (History)
12 users (show)

Fixed In Version: openstack-heat-7.0.3-2.el7ost
Doc Type: Bug Fix
Doc Text:
Cause: In the heat-dist.conf file, the endpoint URLs for the various metadata services were explicitly set to localhost. Consequence: Resources that use metadata to communicate with deployed servers (such as WaitConditions and SoftwareDeployments) would not work unless the URLs were explicitly overridden in the local config file, even though Heat has the capability to determine these automatically with the Keystone catalog. Fix: The URLs are now left unset in the heat-dist.conf file. Result: Heat will automatically determine the correct URLs from the Keystone catalog unless the local config file explicitly overrides them.
Clone Of:
: 1456909 (view as bug list)
Environment:
Last Closed: 2017-09-06 17:13:53 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2655 normal SHIPPED_LIVE openstack-heat bug fix advisory 2017-09-06 20:56:09 UTC
RDO 6940 None None None 2017-06-01 16:01:14 UTC
Red Hat Bugzilla 1395139 None CLOSED overcloud heat metadata endpoints are incorrectly set to localhost 2019-09-12 17:19:47 UTC
Red Hat Bugzilla 1425189 None CLOSED OSP10 doesn't deploy Heat (for the overcloud) properly 2019-09-12 17:19:47 UTC

Internal Links: 1395139 1425189

Description David Gurtner 2017-05-19 13:07:17 UTC
Description of problem:

heat metadata urls are set to 127.0.0.1 in the defaults in /usr/share/heat/heat-dist.conf:
heat_metadata_server_url = http://127.0.0.1:8000
heat_waitcondition_server_url = http://127.0.0.1:8000/v1/waitcondition
heat_watch_server_url =http://127.0.0.1:8003

Recently there was a BZ around those values being set to 127.0.0.1 via Puppet #1395139 this has been fixed by removing those defaults from the heat-puppet modules. And now those values are no longer defined in /etc/heat/heat.conf.

This means that they fall back to the values from /usr/share/heat/heat-dist.conf from the openstack-heat-commons package, which still have those values set to 127.0.0.1.

A complete fix of the problem would require to remove those values from /usr/share/heat/heat-dist.conf as well, and then Heat would finally fall back to the values provided by Keystone.
Alternatively it should be explicitely set to the correct heat_cfn endpoint.

Version-Release number of selected component (if applicable):
puppet-heat-9.5.0-1.el7ost.noarch
openstack-heat-api-cfn-7.0.2-1.el7ost.noarch
python-heat-agent-0-0.11.1e6015dgit.el7ost.noarch
openstack-heat-api-7.0.2-1.el7ost.noarch
python-heat-agent-puppet-0-0.11.1e6015dgit.el7ost.noarch
python-heatclient-1.5.0-1.el7ost.noarch
openstack-heat-api-cloudwatch-7.0.2-1.el7ost.noarch
openstack-heat-common-7.0.2-1.el7ost.noarch
openstack-heat-engine-7.0.2-1.el7ost.noarch
heat-cfntools-1.3.0-2.el7ost.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install OSP10
2. Launch a Heat stack containing with a Nova instance and using a SoftwareDeployment and SOFTWARE_CONFIG
3. Check that /var/lib/heat-cfntools/cfn-init-data

Actual results:
"metadata_url" is set to 127.0.0.1

Expected results:
"metadata_url" is set to the Public heat_cfn endpoint.


Additional info:

Comment 1 Zane Bitter 2017-05-19 14:51:12 UTC
I think this is the same issue as bug 1425189.

It definitely sounds to me like heat-dist.conf is wrong, because IIUC Heat can now do the Right Thing based on the keystone catalog as long as nothing is explicitly specified in a config file.

Comment 2 David Gurtner 2017-05-19 14:58:11 UTC
(In reply to Zane Bitter from comment #1)
> I think this is the same issue as bug 1425189.

That's my understanding. But the fix from 1425189 only partially solved the issue, i.e. 1425189 removed the wrong setting from /etc/heat/heat.conf, but it's still in /usr/share/heat/heat-dist.conf

Comment 3 David Gurtner 2017-05-19 15:00:45 UTC
(In reply to David Gurtner from comment #2)
> (In reply to Zane Bitter from comment #1)
> > I think this is the same issue as bug 1425189.
> 
> That's my understanding. But the fix from 1425189 only partially solved the
> issue, i.e. 1425189 removed the wrong setting from /etc/heat/heat.conf, but
> it's still in /usr/share/heat/heat-dist.conf

Sorry, got confused between 1425189 and 1395139, please disregard the above.

Comment 4 Zane Bitter 2017-05-19 15:26:32 UTC
The suggestion in bug 1425189 was effectively that it was already solved by bug 1395139, so there should be no need to set the addresses explicitly (as in https://review.openstack.org/#/c/439699/). This in my mind confirms that that is not the case, but the correct fix is to change heat-dist.conf, not to set the addresses explicitly in t-h-t.

Comment 6 Zane Bitter 2017-05-30 13:49:44 UTC
Posted a fix to RDO:

https://review.rdoproject.org/r/#/c/6877/

I'll backport downstream once it has been reviewed.

Comment 8 Zane Bitter 2017-05-30 16:25:07 UTC
*** Bug 1425189 has been marked as a duplicate of this bug. ***

Comment 9 Eduard Barrera 2017-06-01 09:57:46 UTC
We realized that upstream github templates were used for the job on downstream product, something that is unsupported, bugzilla can be closed

Comment 10 David Gurtner 2017-06-01 12:53:19 UTC
(In reply to Eduard Barrera from comment #9)
> We realized that upstream github templates were used for the job on
> downstream product, something that is unsupported, bugzilla can be closed

I opened the above bug in relation to a different environment from the one Eduard was working on. The bug itself is still valid and shouldn't be closed.

Thanks,
David

Comment 11 Zane Bitter 2017-07-17 13:41:38 UTC
*** Bug 1316072 has been marked as a duplicate of this bug. ***

Comment 14 Ronnie Rasouli 2017-09-06 11:49:11 UTC
changes applied not metadata URL on:

openstack-heat-api-cfn-7.0.5-1.el7ost.noarch
openstack-heat-common-7.0.5-1.el7ost.noarch
openstack-heat-api-7.0.5-1.el7ost.noarch
openstack-heat-engine-7.0.5-1.el7ost.noarch
openstack-heat-templates-0-0.12.1e6015dgit.el7ost.noarch
[

Comment 16 errata-xmlrpc 2017-09-06 17:13:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2655


Note You need to log in before you can comment on or make changes to this bug.