2034177 – The [keystone_authtoken] www_authenticate_uri parameter in glance-api.conf is set with an invalid url

Bug 2034177 - The [keystone_authtoken] www_authenticate_uri parameter in glance-api.conf is set with an invalid url

Summary: The [keystone_authtoken] www_authenticate_uri parameter in glance-api.conf is...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	OSP Team
QA Contact:	Joe H. Rahme
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2037439
TreeView+	depends on / blocked

Reported:	2021-12-20 10:26 UTC by Takashi Kajinami
Modified:	2022-03-24 11:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-1.20220111063405.29a02c1.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-24 11:02:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	822243	None	NEW	Remove deprecated authtoken::auth_uri	2021-12-20 10:27:14 UTC
Red Hat Issue Tracker	OSP-11890	None	None	None	2021-12-20 10:31:28 UTC
Red Hat Product Errata	RHBA-2022:0986	None	None	None	2022-03-24 11:02:39 UTC

Description Takashi Kajinami 2021-12-20 10:26:01 UTC

Description of problem:

It was found that the [keystone_authtoken] www_authenticate_uri parameter points to 127.0.0.1 instead of the actual endpoint url with vip.

/var/lib/config-data/puppet-generated/glance_api/etc/glance/glance-api.conf
~~~
[keystone_authtoken]
www_authenticate_uri=http://127.0.0.1:5000
~~~


Version-Release number of selected component (if applicable):
This issue was initially found in RHOSP16.1.6

How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud
2. Check glance-api.conf in overcloud controllers

Actual results:
www_authenticate_uri points to 127.0.0.1

Expected results:
www_authenticate_url points to vip of internal_api network


Additional info:

Comment 1 Takashi Kajinami 2021-12-20 10:26:57 UTC

It seems we should backport https://review.opendev.org/c/openstack/tripleo-heat-templates/+/704238 to stable/train and RHOSP16.1.

I've proposed stable/train backport as https://review.opendev.org/c/openstack/tripleo-heat-templates/+/822243 .

Comment 2 Takashi Kajinami 2021-12-21 00:22:54 UTC

It turned out usage of internal endpoint is still incorrect and we should use public endpoint.
I've reported a different bug for that.
 https://bugzilla.redhat.com/show_bug.cgi?id=2034203

Maybe we should close this and continue in the above bug.

Comment 8 David Rosenfeld 2022-01-31 15:54:15 UTC

www_authenticate_uri points to vip of internal network. Below is found in: /var/lib/config-data/puppet-generated/glance_api/etc/glance/glance-api.conf

www_authenticate_uri=http://192.168.24.3:5000

Comment 15 errata-xmlrpc 2022-03-24 11:02:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.8 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0986

Note You need to log in before you can comment on or make changes to this bug.