Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1584858

Summary: Cannot access director ui https://<ip>:3000 returns (35) SSL received a record that exceeded the maximum permissible length.
Product: Red Hat OpenStack Reporter: Stan Toporek <stoporek>
Component: rhosp-director-uiAssignee: Dan Trainor <dtrainor>
Status: CLOSED NOTABUG QA Contact: Arik Chernetsky <achernet>
Severity: high Docs Contact:
Priority: low    
Version: 12.0 (Pike)CC: beth.white, dtrainor, jrist
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-15 18:36:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Cleaned httpd error.log none

Description Stan Toporek 2018-05-31 20:04:17 UTC 
Description of problem:
Cu does installs tripleO undercloud with no errors. Cu attempts to connect to https://<ip>:3000 and the request fails with the following error:

Secure Connection Failed
An error occurred during a connection to 10.0.0.231:3000.  SSL received a record that exceeded the
maximum permission length.  Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Cu cannot access undercloud webui. Tried Chrome and Firefox both failed.

Version-Release number of selected component (if applicable):


How reproducible:
Everytime

Steps to Reproduce:
1.Install undercloud
2.attempt to connect to undercloud webui (used Chrome and Firefox)
3.

Actual results:

Secure Connection Failed
An error occurred during a connection to 10.0.0.231:3000.  SSL received a record that exceeded the
maximum permission length.  Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Expected results:

THe beautiful undercloud webpage login appears.

Additional info:
Comment 1 Stan Toporek 2018-06-01 20:31:02 UTC 
Created attachment 1446807 [details]
Cleaned httpd error.log
Comment 2 Dan Trainor 2018-06-15 18:36:04 UTC 
Hi Stan, thanks for the bug report.

This error occurs when trying to make an SSL connection to a non-SSL port.  In this case, port tcp/3000 represents the unencrypted port on the ctlplane network of the Undercloud.  

SSL connections are terminated by HAProxy, which listens on (among others) the routable IP address of the Undercloud.  Generally, this is the value of what undercloud_public_host[0] was set to.  HAProxy then uses a backend of the Apache server, which serves the UI unencrypted, listening on the ctlplane address.  HAProxy is the SSL terminating proxy.

I suspect that the CU is attempting to make an SSL connection to the non-SSL port.  At this point, they have two options:

a)  Access the UI using SSL on the routable IP address of the Undercloud (generatlly, whatever undercloud_public_host is set to).  This port will be tcp/443
b)  Access the UI using non-SSL on the ctlplane IP address of the Undercloud.  This port will be tcp/3000.

I read in the support ticket that attempts to make a connection to the UI succeeded, but there was limited information about what URL was used to access the UI.  I'd evaluate this information and make the distinction between SSL and non-SSL connections to the UI, and use whichever convention that the CU prefers.

I'll close this out as WONTFIX since this appears to be operating as design, but with incorrect parameters.  If you feel this warrants more investigation, please feel free to re-open it.

---
[0] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/director_installation_and_usage/index#sect-Configuring_the_Director