Forcing SSL on Fuel breaks things

Bug #1526180 reported by planetrobbie
Affects | Status | Importance | Assigned to | Milestone
Fuel for OpenStack | Invalid | High | Stanislaw Bogatkin |
7.0.x | Invalid | High | MOS Maintenance |

Bug Description

It's documented that it's possible to force Fuel UI to only respond to HTTPS and redirect users that connect to HTTP toward HTTPS.

But if I do what's documented:

# vi /etc/fuel/astute.yaml

to add

SSL:
    force_https: true

It breaks nailgun-agent on the nodes, which get a Moved answer and so cannot send their heartbeat to Fuel, which sees them as OFFLINE. Removing the force line fixes things again.

Ilya Kutukov (ikutukov)
Changed in fuel:
milestone: none → 8.0
assignee: nobody → Fuel Python Team (fuel-python)
importance: Undecided → High
status: New → Confirmed
Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Stanislaw Bogatkin (sbogatkin)
Stanislaw Bogatkin (sbogatkin) wrote :

Hi planetrobbie,

Could you please give us some information about your installation ISO? A diagnostic snapshot would also be nice to have. We need this because on the latest Fuel ISO I don't have this problem - nailgun-agent doesn't move from HTTPS to HTTP due to the fact that it tries HTTPS first. Anyway, if I add

SSL:
    force_https: true

to /etc/fuel/astute.yaml and rebuild the nginx container, nailgun-agent continues to work flawlessly, according to the logs:

I, [2015-12-15T12:52:23.283748 #7205] INFO -- : API URL is https://10.109.0.2:8443/api
at depth 0 - 18: self signed certificate
E, [2015-12-15T12:52:33.876358 #7205] ERROR -- : execution expired
["/usr/lib/ruby/1.9.1/openssl/buffering.rb:53:in `sysread'", "/usr/lib/ruby/1.9.1/openssl/buffering.rb:53:in `fill_rbuff'", "/usr/lib/ruby/1.9.1/openssl/buffering.rb:200:in `gets'", "/usr/lib/ruby/vendor_ruby/httpclient/session.rb:352:in `gets'", "/usr/lib/ruby/vendor_ruby/httpclient/session.rb:879:in `block in parse_header'", "/usr/lib/ruby/vendor_ruby/httpclient/session.rb:875:in `parse_header'", "/usr/lib/ruby/vendor_ruby/httpclient/session.rb:858:in `read_header'", "/usr/lib/ruby/vendor_ruby/httpclient/session.rb:667:in `get_header'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:1137:in `do_get_header'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:1086:in `do_get_block'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:887:in `block in do_request'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:981:in `protect_keep_alive_disconnected'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:886:in `do_request'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:774:in `request'", "/usr/lib/ruby/vendor_ruby/httpclient.rb:689:in `put'", "/usr/bin/nailgun-agent:199:in `put'", "/usr/bin/nailgun-agent:776:in `<main>'"]
at depth 0 - 18: self signed certificate
I, [2015-12-15T12:53:07.140213 #12024] INFO -- : API URL is https://10.109.0.2:8443/api
at depth 0 - 18: self signed certificate
I, [2015-12-15T12:53:07.852799 #12024] INFO -- : MCollective is up to date with identity = 2
I, [2015-12-15T12:53:07.853078 #12024] INFO -- : Wrote data to file '/etc/nailgun_uid'. Data: 2

You can see "execution expired" in this log - that was the time when I added force_ssl, destroyed the nginx container and rebuilt it again - the API was inaccessible in this period. After the container was rebuilt, nailgun-agent continued to work via the HTTPS port.

Changed in fuel:
status: Confirmed → Incomplete
planetrobbie (sebbraun) wrote :

I deployed my environment from MOS 7.0 GA with Fuel updated using the documented workflow [yum update ...] yesterday evening.

The CLI was also unable to perform any action. I had to remove the option and redeploy, which worked fine after removing it.

Ilya Kutukov (ikutukov)
tags: added: area-python
Dmitry Pyzhov (dpyzhov)
tags: added: area-library team-bugfix
removed: area-python
Changed in fuel:
status: Incomplete → Invalid
Sergii Rizvan (srizvan) wrote :

In Fuel 7.0, nailgun-agent on bootstrap nodes by default uses a connection via the SSL port (8433), and switching the nailgun server to HTTPS doesn't have any impact on discovering nodes.
But on deployed nodes nailgun-agent connects to the HTTP port (8000) by default. So it's necessary to change the url in the configuration file /etc/nailgun-agent/config.yaml on all deployed nodes for nailgun-agent to work properly in this case.
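
The config change described in the last comment, as an added example that is not part of the bug thread or of Fuel's own code: it rewrites the agent URL in the text of config.yaml from HTTP to HTTPS and is a no-op when the URL is already HTTPS. Assumptions: the file is a YAML mapping with a top-level `url` key, and the HTTPS port is 8443 as shown in the agent log quoted earlier (passed as a parameter so it can be changed).

```ruby
require 'yaml'
require 'uri'

# Assumption: HTTPS port taken from the "API URL is https://...:8443/api" log line.
HTTPS_PORT = 8443

# Return the HTTPS form of an agent API URL; leave HTTPS URLs untouched.
def to_https(url, https_port = HTTPS_PORT)
  uri = URI.parse(url)
  return url if uri.scheme == 'https'
  raise ArgumentError, "unsupported scheme in #{url.inspect}" unless uri.scheme == 'http'
  URI::HTTPS.build(host: uri.host, port: https_port, path: uri.path).to_s
end

# Take the text of config.yaml and return [new_text, changed?].
# Refuses to guess when the assumed 'url' key is missing.
def migrate_agent_config(yaml_text, https_port = HTTPS_PORT)
  config = YAML.safe_load(yaml_text)
  unless config.is_a?(Hash) && config['url']
    raise ArgumentError, "no 'url' key in agent config"
  end
  new_url = to_https(config['url'], https_port)
  return [yaml_text, false] if new_url == config['url']
  config['url'] = new_url
  [config.to_yaml, true]
end

# Constructed sample of a deployed node's config (address reused from the log).
SAMPLE = "url: http://10.109.0.2:8000/api\n"

if __FILE__ == $PROGRAM_NAME
  text, changed = migrate_agent_config(SAMPLE)
  puts(changed ? "rewritten:\n#{text}" : 'already HTTPS, nothing to do')
end
```

Running it a second time on its own output reports no change, so it can be applied to every deployed node without first checking which ones were already updated.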
