Bug 1705904 - Cannot create non-terminated HTTPS load-balancer from Horizon
Summary: Cannot create non-terminated HTTPS load-balancer from Horizon
Keywords:
Status: CLOSED DUPLICATE of bug 1698467
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-octavia-ui
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Assaf Muller
QA Contact: Bruna Bonguardo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-03 08:00 UTC by David Gurtner
Modified: 2023-03-24 14:51 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-07 11:34:51 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Octavia Loadbalancer creation UI with HTTPS option missing (37.60 KB, image/png)
2019-05-03 08:00 UTC, David Gurtner
no flags Details


Links
System ID Private Priority Status Summary Last Updated
OpenStack Storyboard 2005589 0 None None None 2019-05-06 16:58:52 UTC
OpenStack gerrit 542075 0 None None None 2019-05-07 11:28:21 UTC
Red Hat Issue Tracker OSP-23662 0 None None None 2023-03-24 14:51:09 UTC

Description David Gurtner 2019-05-03 08:00:06 UTC
Created attachment 1562241 [details]
Octavia Loadbalancer creation UI with HTTPS option missing

Description of problem:

It is not possible to create a non-terminated HTTPS loadbalancer from Horizon.

HTTPS is missing from the protocol dropdown (compare attached picture).

Only TCP, HTTP and TERMINATED_HTTPS are listed and TERMINATED_HTTPS is grayed out, as it's not supported[1], and as is covered in BZ #1686883


In a bit more detail:

Octavia knows different protocols for Loadbalancer, specifically:
- TCP
- HTTP
- HTTPS
- TERMINATED_HTTPS

The first 3, i.e. TCP, HTTP and HTTPS are supported according to documentation[1]. They can be used successfully from the command-line.

In the case of HTTPS the commands are something like this:
openstack loadbalancer create --name lb1 --vip-subnet-id default
# Re-run the following until lb1 shows ACTIVE and ONLINE statuses:
openstack loadbalancer show lb1
openstack loadbalancer listener create --name listener1 --protocol HTTPS --protocol-port 443 lb1
openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPS
openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type HTTPS --url-path /healthcheck pool1
openstack loadbalancer member create --subnet-id default --address 10.0.0.3 --protocol-port 443 pool1

This will launch an Amphora VM with an HAProxy backend, with the following config:
# Configuration for lb1
global
    daemon
    user nobody
    log /dev/log local0
    log /dev/log local1 notice
    stats socket /var/lib/octavia/3b136b4e-3348-4a8f-bcff-522326cada12.sock mode 0666 level user
    maxconn 1000000

defaults
    log global
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000



frontend 3b136b4e-3348-4a8f-bcff-522326cada12
    option tcplog
    maxconn 1000000
    bind 10.0.0.8:443
    mode tcp
    default_backend 6a7f7b60-4a0f-4674-b982-127bc86cb258

backend 6a7f7b60-4a0f-4674-b982-127bc86cb258
    mode tcp
    balance roundrobin
    timeout check 10s
    option httpchk GET /healthcheck
    http-check expect rstatus 200
    fullconn 1000000
    server da07b1b7-aecb-4d46-b06e-6d23639016fe 10.0.0.3:443 weight 1 check check-ssl verify none inter 5s fall 3 rise 4



This is different from using TCP or HTTP. In the case of TCP, the healthcheck options: "option httpchk GET /healthcheck" and "http-check expect rstatus 200" are missing. In the case of HTTP there is no "check-ssl verify none" options in the server lines. Consequently HTTPS is different and required.


[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/networking_guide/sec-octavia#octavia_limitations


Version-Release number of selected component (if applicable):

Containers:
- Horizon: registry.access.redhat.con/rhosp13/openstack-horizon:13.0-67
- Octavia Housekeeping: registry.access.redhat.con/rhosp13/openstack-octavia-housekeeping:13.0-68
- Octavia API: registry.access.redhat.con/rhosp13/openstack-octavia-api:13.0-66
- Octavia Worker: registry.access.redhat.con/rhosp13/openstack-octavia-worker:13.0-68
- Octavia Healthmanager: registry.access.redhat.con/rhosp13/openstack-octavia-health-manager:13.0-68

Amphora:
- octavia-amphora-image-x86_64-13.0-20190418.1.el7ost.noarch


How reproducible:
always


Steps to Reproduce:
1. Deploy OSP13 with Octavia (and in my case Barbican, but I don't think that has an impact).
2. Connect to Horizon and try to launch a Loadbalancer

Actual results:
Only TCP and HTTP can be selected as protocols.

Expected results:
TCP, HTTP and HTTPS protocols can be selected.

Additional info:
This is not about the TERMINATED_HTTPS protocol, which is a separate BZ #1686883

Comment 2 Carlos Goncalves 2019-05-07 11:28:21 UTC
HTTPS was added to the Octavia dashboard in Rocky cycle: https://review.opendev.org/#/c/542075/

Comment 3 Carlos Goncalves 2019-05-07 11:34:51 UTC
The team has been working on backporting several dashboard features only available starting in OSP 14/Rocky to OSP 13/Queens. Part of that effort includes the backport of https://review.opendev.org/#/c/542075/. As so, I'll close this RHBZ as duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1698467

*** This bug has been marked as a duplicate of bug 1698467 ***


Note You need to log in before you can comment on or make changes to this bug.