Heat WaitCondition URL points to internalURL Endpoint
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Invalid
|
Undecided
|
Unassigned | ||
Juno |
Fix Released
|
High
|
Miguel Grinberg | ||
Kilo |
Invalid
|
Undecided
|
Unassigned | ||
Trunk |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When using the WaitCondition resource in Heat (RPC 10+) the get_attr: ['wait_handle', 'curl_cli'] } call will return a internal URL as endpoint not a public one. Since those handles are used to trigger handles from inside the instance, the internal IP in such cases is usually not usable.
At this time I recommend to set the token heat_watch_
"{{ heat_watch_proto }}://{{ external_
Additional changes might be necessary inside the heat.conf.
I did test alternative options to set the heat watch server URI the URL above and also the [client] section inside the heat.conf to publicURL but it still was using the internal URL endpoints. So we need to investigate this a little more.
Example hot template:
heat_template_
description: >
HOT template to demonstrate usage of the Heat native waitcondition resources
This is expected to work with any image containing curl and something which
runs the raw user-data script, e.g cirros or some image containing cloud-init
parameters:
key_name:
type: string
description: Name of keypair to assign to server
default: rpc_support
image:
type: string
description: Name of image to use for server
default: "Ubuntu 14.04.1 LTS Trusty Tahr (cloudimg)"
flavor:
type: string
description: Flavor to use for server
default: m1.small
timeout:
type: number
description: Timeout for WaitCondition, depends on your image and environment
default: 120
resources:
wait_condition:
type: OS::Heat:
properties:
handle: {get_resource: wait_handle}
# Note, count of 5 vs 6 is due to duplicate signal ID 5 sent below
count: 5
timeout: {get_param: timeout}
wait_handle:
type: OS::Heat:
instance1_port0:
type: OS::Neutron::Port
properties:
admin_
network_id: 57942055-
security_
- rpc-support
instance1:
type: OS::Nova::Server
properties:
image: {get_param: image}
flavor: {get_param: flavor}
key_name: {get_param: key_name}
user_
networks:
- port: { get_resource: instance1_port0 }
user_data:
template: |
# Below are some examples of the various ways signals
# can be sent to the Handle resource
# Simple success signal
params:
In such case the call
get_attr: ['wait_handle', 'curl_cli'] }
will create the example curl
curl -i -X POST -H 'X-Auth-Token: xxxxxx' -H 'Content-Type: application/json' -H 'Accept: application/json' http://
Hey Bjoern,
For the OS::Heat: :WaitCondition resource the Heat signal URL is obtained from the catalog. The [client_heat] section in heat.conf has the endpoint_type setting, which determines which of the public, internal, admin endpoints are to be used. The watch server setting is not used in this resource as far as I remember, that is for cloudformation resources.
In master and kilo we have it set as follows:
[clients_heat]
endpoint_type = publicURL
But in Juno we have it set to internalURL. Reference: https:/ /github. com/stackforge/ os-ansible- deployment/ blob/juno/ rpc_deployment/ roles/heat_ common/ templates/ heat.conf# L55.
My expectation is that you are seeing this problem only in the Juno release. Correct?