Created attachment 1562241 [details] Octavia Loadbalancer creation UI with HTTPS option missing Description of problem: It is not possible to create a non-terminated HTTPS loadbalancer from Horizon. HTTPS is missing from the protocol dropdown (compare attached picture). Only TCP, HTTP and TERMINATED_HTTPS are listed and TERMINATED_HTTPS is grayed out, as it's not supported[1], and as is covered in BZ #1686883 In a bit more detail: Octavia knows different protocols for Loadbalancer, specifically: - TCP - HTTP - HTTPS - TERMINATED_HTTPS The first 3, i.e. TCP, HTTP and HTTPS are supported according to documentation[1]. They can be used successfully from the command-line. In the case of HTTPS the commands are something like this: openstack loadbalancer create --name lb1 --vip-subnet-id default # Re-run the following until lb1 shows ACTIVE and ONLINE statuses: openstack loadbalancer show lb1 openstack loadbalancer listener create --name listener1 --protocol HTTPS --protocol-port 443 lb1 openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPS openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type HTTPS --url-path /healthcheck pool1 openstack loadbalancer member create --subnet-id default --address 10.0.0.3 --protocol-port 443 pool1 This will launch an Amphora VM with an HAProxy backend, with the following config: # Configuration for lb1 global daemon user nobody log /dev/log local0 log /dev/log local1 notice stats socket /var/lib/octavia/3b136b4e-3348-4a8f-bcff-522326cada12.sock mode 0666 level user maxconn 1000000 defaults log global retries 3 option redispatch timeout connect 5000 timeout client 50000 timeout server 50000 frontend 3b136b4e-3348-4a8f-bcff-522326cada12 option tcplog maxconn 1000000 bind 10.0.0.8:443 mode tcp default_backend 6a7f7b60-4a0f-4674-b982-127bc86cb258 backend 6a7f7b60-4a0f-4674-b982-127bc86cb258 mode tcp balance roundrobin timeout check 10s option httpchk GET /healthcheck http-check expect rstatus 200 fullconn 1000000 server da07b1b7-aecb-4d46-b06e-6d23639016fe 10.0.0.3:443 weight 1 check check-ssl verify none inter 5s fall 3 rise 4 This is different from using TCP or HTTP. In the case of TCP, the healthcheck options: "option httpchk GET /healthcheck" and "http-check expect rstatus 200" are missing. In the case of HTTP there is no "check-ssl verify none" options in the server lines. Consequently HTTPS is different and required. [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/networking_guide/sec-octavia#octavia_limitations Version-Release number of selected component (if applicable): Containers: - Horizon: registry.access.redhat.con/rhosp13/openstack-horizon:13.0-67 - Octavia Housekeeping: registry.access.redhat.con/rhosp13/openstack-octavia-housekeeping:13.0-68 - Octavia API: registry.access.redhat.con/rhosp13/openstack-octavia-api:13.0-66 - Octavia Worker: registry.access.redhat.con/rhosp13/openstack-octavia-worker:13.0-68 - Octavia Healthmanager: registry.access.redhat.con/rhosp13/openstack-octavia-health-manager:13.0-68 Amphora: - octavia-amphora-image-x86_64-13.0-20190418.1.el7ost.noarch How reproducible: always Steps to Reproduce: 1. Deploy OSP13 with Octavia (and in my case Barbican, but I don't think that has an impact). 2. Connect to Horizon and try to launch a Loadbalancer Actual results: Only TCP and HTTP can be selected as protocols. Expected results: TCP, HTTP and HTTPS protocols can be selected. Additional info: This is not about the TERMINATED_HTTPS protocol, which is a separate BZ #1686883
HTTPS was added to the Octavia dashboard in Rocky cycle: https://review.opendev.org/#/c/542075/
The team has been working on backporting several dashboard features only available starting in OSP 14/Rocky to OSP 13/Queens. Part of that effort includes the backport of https://review.opendev.org/#/c/542075/. As so, I'll close this RHBZ as duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1698467 *** This bug has been marked as a duplicate of bug 1698467 ***