[detached-keystone plugin] OSTF should use public VIP to access Keystone if SSL is enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Released
|
High
|
Artem Panchenko | ||
8.0.x |
Fix Released
|
High
|
Artem Panchenko | ||
Mitaka |
Fix Released
|
High
|
Artem Panchenko |
Bug Description
Health checks engine fails to setup HTTP proxy if detached-keystone plugin is used for environment and SSL for OpenStack endpoints is enabled:
fuel_health.config: DEBUG: Trying to authenticate at "https:/
keystoneclient.
requests.
fuel_health.config: WARNING: Can not connect to Keystone with proxy on 10.109.5.8, error: Authorization Failed: SSL exception connecting to https:/
fuel_health.config: DEBUG: Traceback (most recent call last):
File "/usr/lib/
if self.check_
File "/usr/lib/
timeout=10)
File "/usr/lib/
self.
File "/usr/lib/
return func(*args, **kwargs)
File "/usr/lib/
resp = self.get_
File "/usr/lib/
_("
AuthorizationFa
OSTF tries to use detach_keystone_vip for accessing Keystone via HTTPS, but SSL endpoint is available only via public VIP by design:
no longer affects: | fuel |
no longer affects: | fuel/future |
tags: |
added: area-ostf removed: module-ostf ostf |
tags: |
added: module-ostf ostf removed: area-ostf |
tags: |
added: area-ostf removed: module-ostf ostf |
Fix proposed to branch: master /review. openstack. org/266520
Review: https:/