Bug 1488355 - ssl container setups hangs in heat db sync
Summary: ssl container setups hangs in heat db sync
Keywords:
Status: CLOSED DUPLICATE of bug 1486363
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Emilien Macchi
QA Contact: Gurenko Alex
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-05 08:14 UTC by Attila Fazekas
Modified: 2017-09-05 08:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-05 08:24:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Attila Fazekas 2017-09-05 08:14:35 UTC 
Description of problem:

heat db sync forever tries to connect to the mysql vip, but haproxy is not running.

192.168.24.1:8787/rhosp12/openstack-haproxy-docker:2017-08-31.2 haproxy_init_bundle log contains errors like:

Error: /Stage[main]/Haproxy/Haproxy::Instance[haproxy]/Haproxy::Config[haproxy]/Concat[/etc/haproxy/haproxy.cfg]/File[/etc/haproxy/haproxy.cfg]/content: change from {md5}1f337186b0e1ba5ee82760cb437fb810 to {md5}a2f2a8d54d1068d962337a23798234be failed: Execution of '/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg20170905-8-bg0qsd -c' returned 1: [ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:26] : 'bind 10.0.0.101:13042' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:37] : 'bind 10.0.0.101:13776' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:48] : 'bind 10.0.0.101:13292' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:59] : 'bind 10.0.0.101:13041' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:77] : 'bind 10.0.0.101:13004' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:90] : 'bind 10.0.0.101:13005' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:103] : 'bind 10.0.0.101:13003' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:116] : 'bind 10.0.0.101:443' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:118] : 'bind 172.17.1.11:443' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:139] : 'bind 10.0.0.101:13000' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:160] : 'bind 10.0.0.101:13696' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:176] : 'bind 10.0.0.101:13080' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:186] : 'bind 10.0.0.101:13774' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:197] : 'bind 10.0.0.101:13778' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:208] : 'bind 10.0.0.101:13779' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:229] : 'bind 10.0.0.101:13386' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : parsing [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:237] : 'bind 10.0.0.101:13808' : unable to load SSL private key from PEM file '/etc/pki/tls/private/overcloud_endpoint.pem'.
[ALERT] 247/071151 (3236) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg20170905-8-bg0qsd
[ALERT] 247/071151 (3236) : Proxy 'aodh': no SSL certificate specified for bind '10.0.0.101:13042' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:26] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'cinder': no SSL certificate specified for bind '10.0.0.101:13776' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:37] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'glance_api': no SSL certificate specified for bind '10.0.0.101:13292' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:48] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'gnocchi': no SSL certificate specified for bind '10.0.0.101:13041' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:59] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'heat_api': no SSL certificate specified for bind '10.0.0.101:13004' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:77] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'heat_cfn': no SSL certificate specified for bind '10.0.0.101:13005' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:90] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'heat_cloudwatch': no SSL certificate specified for bind '10.0.0.101:13003' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:103] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'horizon': no SSL certificate specified for bind '10.0.0.101:443' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:116] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'horizon': no SSL certificate specified for bind '172.17.1.11:443' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:118] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'keystone_public': no SSL certificate specified for bind '10.0.0.101:13000' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:139] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'neutron': no SSL certificate specified for bind '10.0.0.101:13696' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:160] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'nova_novncproxy': no SSL certificate specified for bind '10.0.0.101:13080' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:176] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'nova_osapi': no SSL certificate specified for bind '10.0.0.101:13774' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:186] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'nova_placement': no SSL certificate specified for bind '10.0.0.101:13778' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:197] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'panko': no SSL certificate specified for bind '10.0.0.101:13779' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:208] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'sahara': no SSL certificate specified for bind '10.0.0.101:13386' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:229] (use 'crt').
[ALERT] 247/071151 (3236) : Proxy 'swift_proxy_server': no SSL certificate specified for bind '10.0.0.101:13808' at [/etc/haproxy/haproxy.cfg20170905-8-bg0qsd:237] (use 'crt').
[ALERT] 247/071151 (3236) : Fatal errors found in configuration.

Version-Release number of selected component (if applicable):
 2017-08-31.3
openstack-tripleo-heat-templates-7.0.0-0.20170821194254.el7ost.noarch

Similar settings work without ssl, also it worked without containers.
Comment 1 Attila Fazekas 2017-09-05 08:24:59 UTC 

*** This bug has been marked as a duplicate of bug 1486363 ***
Note You need to log in before you can comment on or make changes to this bug.