(docs) horizon haproxy ssl

Bug #1494254 reported by Robert Duncan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mirantis OpenStack | Invalid | High | MOS QA Team |
6.1.x | Won't Fix | High | MOS QA Team |
7.0.x | Invalid | Undecided | MOS QA Team |

Bug Description

build_id: 2015-06-19_13-02-31
build_number: '525'
feature_groups:
- mirantis
fuel-library_sha: 2e7a08ad9792c700ebf08ce87f4867df36aa9fab
fuel-ostf_sha: 8fefcf7c4649370f00847cc309c24f0b62de718d
fuelmain_sha: a3998372183468f56019c8ce21aa8bb81fee0c2f
nailgun_sha: dbd54158812033dd8cfd7e60c3f6650f18013a37
openstack_version: 2014.2.2-6.1
production: docker
python-fuelclient_sha: 4fc55db0265bbf39c369df398b9dc7d6469ba13b
release: '6.1'
release_versions:
  2014.2.2-6.1:
    VERSION:
      api: '1.0'
      astute_sha: 1ea8017fe8889413706d543a5b9f557f5414beae
      build_id: 2015-06-19_13-02-31
      build_number: '525'
      feature_groups:
      - mirantis
      fuel-library_sha: 2e7a08ad9792c700ebf08ce87f4867df36aa9fab
      fuel-ostf_sha: 8fefcf7c4649370f00847cc309c24f0b62de718d
      fuelmain_sha: a3998372183468f56019c8ce21aa8bb81fee0c2f
      nailgun_sha: dbd54158812033dd8cfd7e60c3f6650f18013a37
      openstack_version: 2014.2.2-6.1
      production: docker
      python-fuelclient_sha: 4fc55db0265bbf39c369df398b9dc7d6469ba13b
      release: '6.1'

I am following the operations guide for implementing ssl for Horizon here:
https://docs.mirantis.com/openstack/fuel/fuel-6.1/operations.html#howto-configure-horizon-on-https

I have followed the guide and successfully configured the vhost on CentOS 10-horizon_vhost.conf.

The virtual host is configured correctly; it listens on port 443 and redirects from port 80.

Then, following the document at point 7:

On every Controller, configure HAProxy enabling SSL. In this example, a pool of three servers is used. Modify /etc/haproxy/haproxy.cfg, adding this section:

frontend horizon-ssl
  bind <external-virtual-ip>:443
  balance roundrobin
  mode http
  option ssl-hello-chk
  server node-1 <node-1-ip>:443 check
  server node-2 <node-2-ip>:443 check
  server node-3 <node-3-ip>:443 check

When the above is added to haproxy.cfg and it's restarted, it results in these warnings:

Starting haproxy: [WARNING] 252/103200 (12004) : parsing [/etc/haproxy/haproxy.cfg:42] : 'balance' ignored because frontend 'horizon-ssl' has no backend capability.
[WARNING] 252/103200 (12004) : parsing [/etc/haproxy/haproxy.cfg:44] : 'ssl-hello-chk' ignored because frontend 'horizon-ssl' has no backend capability.
[WARNING] 252/103200 (12004) : parsing [/etc/haproxy/haproxy.cfg:45] : 'server' ignored because frontend 'horizon-ssl' has no backend capability.
[WARNING] 252/103200 (12004) : parsing [/etc/haproxy/haproxy.cfg:46] : 'server' ignored because frontend 'horizon-ssl' has no backend capability.
[WARNING] 252/103200 (12004) : parsing [/etc/haproxy/haproxy.cfg:47] : 'server' ignored because frontend 'horizon-ssl' has no backend capability.

Here is my complete haproxy.cfg:

# This file managed by Puppet
global
  daemon
  group haproxy
  log /dev/log local0
  maxconn 16000
  pidfile /var/run/haproxy.pid
  stats socket /var/lib/haproxy/stats
  tune.bufsize 32768
  tune.maxrewrite 1024
  user haproxy

defaults
  log global
  maxconn 8000
  mode http
  option redispatch
  option http-server-close
  option splice-auto
  retries 3
  stats enable
  timeout http-request 20s
  timeout queue 1m
  timeout connect 10s
  timeout client 1m
  timeout server 1m
  timeout check 10s

listen Stats
  bind 172.25.60.2:10000
  bind 127.0.0.1:10000
  mode http
  stats enable
  stats uri /
  stats refresh 5s
  stats show-node
  stats show-legends
  stats hide-version

frontend horizon-ssl
  bind 199.xxx.xxx.xxx:443
  balance roundrobin
  mode http
  option ssl-hello-chk
  server node-30 172.25.60.4:443 check
  server node-31 172.25.60.5:443 check
  server node-55 172.25.60.29:443 check

include conf.d/*.cfg
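
The warnings in the report mean HAProxy dropped the 'balance', 'option ssl-hello-chk' and 'server' lines, leaving a frontend bound to port 443 with no servers behind it. One corrected form of the section follows as an added example (it is not from the Mirantis guide or from this report); it keeps the guide's placeholders and assumes TLS is terminated by the Apache vhost on each controller, which is why it uses 'mode tcp'.

```haproxy
# Added example, not from the guide or the bug report.
# A 'listen' section has both frontend and backend capability, so
# 'balance', 'option ssl-hello-chk' and 'server' are accepted here
# instead of being ignored as they are inside a 'frontend' section.
listen horizon-ssl
  bind <external-virtual-ip>:443
  # Assumption: HAProxy does not hold the certificate. The Apache vhosts
  # on the controllers terminate TLS, so HAProxy relays the encrypted
  # stream as plain TCP. Leaving 'mode http' here would make HAProxy try
  # to parse TLS records as HTTP requests.
  mode tcp
  balance roundrobin
  # Health check: send a TLS client hello to each server on port 443.
  option ssl-hello-chk
  server node-1 <node-1-ip>:443 check
  server node-2 <node-2-ip>:443 check
  server node-3 <node-3-ip>:443 check
```

Running haproxy -c -f /etc/haproxy/haproxy.cfg before the restart parses the file and reports warnings of this kind without touching the running service.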

no longer affects: mos/6.1.x
no longer affects: mos/7.0.x
Changed in mos:
status: New → Incomplete
Timur Nurlygayanov (tnurlygayanov) wrote :

We are going to check the issue and will update the status when we have some results.

Changed in mos:
assignee: nobody → Timur Nurlygayanov (tnurlygayanov)
assignee: Timur Nurlygayanov (tnurlygayanov) → MOS QA Team (mos-qa)
Roman Podoliaka (rpodolyaka) wrote :

QA team, could you please take a look and close the bug as Invalid, if it can't be reproduced?

Changed in mos:
status: Incomplete → Confirmed
importance: Undecided → High
Changed in mos:
status: Confirmed → Incomplete
Roman Podoliaka (rpodolyaka) wrote :

Timur, could you please comment on this before marking as Incomplete?

Changed in mos:
status: Incomplete → Confirmed
Changed in mos:
milestone: none → 6.1-updates
Timur Nurlygayanov (tnurlygayanov) wrote :

Marked as incomplete; the MOS QA team should check the issue and fix it if we have the issue.

Changed in mos:
status: Confirmed → Incomplete
Roman Podoliaka (rpodolyaka) wrote :

Timur, could you please leave it as Confirmed and take a look?

Changed in mos:
status: Incomplete → Confirmed
Changed in mos:
milestone: 6.1-updates → 8.0
status: Confirmed → New
Changed in mos:
status: New → Invalid
Alexey Stupnikov (astupnikov) wrote :

We no longer support MOS5.1, MOS6.0, MOS6.1
We deliver only Critical/Security fixes to MOS7.0, MOS8.0.
We deliver only High/Critical/Security fixes to MOS9.2.
