Bug 1584858
| Summary: | Cannot access director ui https://<ip>:3000 returns (35) SSL received a record that exceeded the maximum permissible length. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Stan Toporek <stoporek> | ||||
| Component: | rhosp-director-ui | Assignee: | Dan Trainor <dtrainor> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Arik Chernetsky <achernet> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 12.0 (Pike) | CC: | beth.white, dtrainor, jrist | ||||
| Target Milestone: | --- | Keywords: | Triaged | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-06-15 18:36:04 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Stan Toporek
2018-05-31 20:04:17 UTC
Created attachment 1446807 [details]
Cleaned httpd error.log
Hi Stan, thanks for the bug report. This error occurs when trying to make an SSL connection to a non-SSL port. In this case, port tcp/3000 represents the unencrypted port on the ctlplane network of the Undercloud. SSL connections are terminated by HAProxy, which listens on (among others) the routable IP address of the Undercloud. Generally, this is the value of what undercloud_public_host[0] was set to. HAProxy then uses a backend of the Apache server, which serves the UI unencrypted, listening on the ctlplane address. HAProxy is the SSL terminating proxy. I suspect that the CU is attempting to make an SSL connection to the non-SSL port. At this point, they have two options: a) Access the UI using SSL on the routable IP address of the Undercloud (generatlly, whatever undercloud_public_host is set to). This port will be tcp/443 b) Access the UI using non-SSL on the ctlplane IP address of the Undercloud. This port will be tcp/3000. I read in the support ticket that attempts to make a connection to the UI succeeded, but there was limited information about what URL was used to access the UI. I'd evaluate this information and make the distinction between SSL and non-SSL connections to the UI, and use whichever convention that the CU prefers. I'll close this out as WONTFIX since this appears to be operating as design, but with incorrect parameters. If you feel this warrants more investigation, please feel free to re-open it. --- [0] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/director_installation_and_usage/index#sect-Configuring_the_Director |