Juniper Openstack

SM: keystone endpoints should be registered using VIP ip and not individual controller ips

Bug #1567767 reported by Senthilnathan Murugappan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Won't Fix
High
Nitish Krishna Kaveri
R3.0.3.x
Won't Fix
High
Nitish Krishna Kaveri
R3.1
Fix Committed
High
Nitish Krishna Kaveri
Juniper Openstack r3.1.0.0-fcs
Trunk
Fix Committed
High
Nitish Krishna Kaveri
Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"

Bug Description

Keysonte endpoints should be registered using VIP.
If we add individual nodes this would result in single point of failure breaking HA.

Also observed there are multiple endpoints for the same ip, which is cosmetic though

root@b5s27:/var/log/contrail# keystone endpoint-list | grep 35357
| 2373d1288e0d4b85a8f1e04007e73b2c | RegionOne | http://10.84.25.31:5000/v2.0 | http://10.84.25.31:5000/v2.0
| http://10.84.25.31:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| 37a3b957f6b44b9d8d6e13fb8f2df41a | RegionOne | http://10.84.25.31:5000/v2.0 | http://10.84.25.31:5000/v2.0
| http://10.84.25.31:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| 39a713be819243cb98b53961082161f6 | RegionOne | http://10.84.25.27:5000/v2.0 | http://10.84.25.27:5000/v2.0
| http://10.84.25.27:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| 5106687a3a3a40498688cf6cafda741b | RegionOne | http://10.84.25.30:5000/v2.0 | http://10.84.25.30:5000/v2.0
| http://10.84.25.30:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| 6c53ed1ed5944d40aae9ae6028ec866b | RegionOne | http://10.84.25.31:5000/v2.0 | http://10.84.25.31:5000/v2.0
| http://10.84.25.31:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| a37f44eae3ce47c8a8e22b6e65a8e6ff | RegionOne | http://10.84.25.29:5000/v2.0 | http://10.84.25.29:5000/v2.0
| http://10.84.25.29:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| c08a6f0ac6024f45943bc571fcee0e5c | RegionOne | http://10.84.25.28:5000/v2.0 | http://10.84.25.28:5000/v2.0
| http://10.84.25.28:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| df88a332b2a8434da9ad86d5263ea740 | RegionOne | http://10.84.25.30:5000/v2.0 | http://10.84.25.30:5000/v2.0
| http://10.84.25.30:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
| f8d9e3c93ec4429896892226f369a82b | RegionOne | http://10.84.25.28:5000/v2.0 | http://10.84.25.28:5000/v2.0
| http://10.84.25.28:35357/v2.0 | d5ee0b35d29647acb5a014b134eb4720 |
root@b5s27:/var/log/contrail#

See original description
Revision history for this message
Abhay Joshi (abhayj) wrote :

Will not fix in 3.0.x. The problem has been there since much earlier releases and we do not have time to fix in 3.0. This will be taken care in 3.1. It's not a critical issue.

Revision history for this message
Nitish Krishna Kaveri (nitishk) wrote :
Download full text (3.2 KiB)

Issue seen in 3.1 build 6 but different:

+----------------------------------+-----------+-------------------------------------------+----------------------------------------+----------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
 +----------------------------------+-----------+-------------------------------------------+----------------------------------------+----------------------------------------+----------------------------------+
| 11e98d9f3262499c9d5ba0fb3a1eb23c | RegionOne | http://internal_vip:8000/v1 | http://5.5.5.100:8000/v1 | http://5.5.5.100:8000/v1 | cbb06678a80c4fd3ab59211f8423eff3 |
| 1310592482cd4d26b05024fb3aec2de1 | RegionOne | http://5.5.5.100:8773/services/Cloud | http://5.5.5.100:8773/services/Cloud | http://5.5.5.100:8773/services/Admin | ae20462be26847dfb8b1830068d11d45 |
| 1ed19461d7c6401e962011cb170057d3 | RegionOne | http://5.5.5.100:9696 | http://5.5.5.100:9696 | http://5.5.5.100:9696 | 99b7ca5d62114d9eb481f2527fed016c |
| 567b6d83fd5144d3b80f38977f7122e0 | RegionOne | http://5.5.5.100:5000/v2.0 | http://5.5.5.100:5000/v2.0 | http://5.5.5.100:35357/v2.0 | c6b47a9003674500b4b2fc5cee797bfa |
| 85267a4088a1468eab5840d26af74d09 | RegionOne | http://5.5.5.100:8774/v3 | http://5.5.5.100:8774/v3 | http://5.5.5.100:8774/v3 | d82f7e30906d47c699ec1bdd712fb737 |
| 92faa0392c174f0ca84dfe59a6e6a7aa | RegionOne | http://internal_vip:8004/v1/%(tenant_id)s | http://5.5.5.100:8004/v1/%(tenant_id)s | http://5.5.5.100:8004/v1/%(tenant_id)s | 079ce326550e4b8ab44db1125786bc64 |
| a6c745701738422bafffb6143a593a2b | RegionOne | http://5.5.5.100:8774/v2/%(tenant_id)s | http://5.5.5.100:8774/v2/%(tenant_id)s | http://5.5.5.100:8774/v2/%(tenant_id)s | c0ab1b60c2334fe4a80e72f3ea85f20f |
| a79a47af13044f4cb91ba8ae27e94377 | RegionOne | http://5.5.5.100:8776/v2/%(tenant_id)s | http://5.5.5.100:8776/v2/%(tenant_id)s | http://5.5.5.100:8776/v2/%(tenant_id)s | eb5a290742cd4e67b75aeb03b2379021 |
| d18c66100bd84f04beb3761fe2ead8b5 | RegionOne | http://5.5.5.100:9292 | http://5.5.5.100:9292 | http://5.5.5.100:9292 | 2ecd2c8c6b3c4416a9aff1fa9d704d59 |
| d5bf219e17ac4ec3b7de835f1968eacb | RegionOne | http://internal_vip:8777 | http://5.5.5.100:8777 | http://5.5.5.100:8777 | fd4e7a52bd6d4dcdba40f5be49d702b2 |
| d668d3627d7146cfb11e80903d221031 | RegionOne | http://5.5.5.100:8776/v1/%(tenant_id)s | http://5.5.5.100:8776/v1/%(tenant_id)s | http://5.5.5.100:8776/v1/%(tenant_id)s | 8f023fe19ed64317bc3c7be6d8596bd2 |
 +----------------------------------+-----------+-------------------------------------------+----------------------------------------+----------------------------------------+----------------------------------+

For two...

Read more...

description: updated
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/22785
Submitter: Dheeraj Gautam (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/22785
Committed: http://github.org/Juniper/contrail-puppet/commit/5c8dbff27338c0243e5ad53ce2919b5eb0330469
Submitter: Zuul
Branch: R3.1

commit 5c8dbff27338c0243e5ad53ce2919b5eb0330469
Author: Dheeraj Gautam <email address hidden>
Date: Tue Aug 2 21:42:44 2016 -0700

SM-Liberty: Fix HA issues

Partial-Bug: #1593675
Closes-Bug: #1567767

1. Fix internal_ip in keystone endpoints
2. Ensure nova-manage command and neutron-common resources orddering
3. Ensure nova-compute gets restarted after nova_config changes and
compute_server_setup.sh
4. Ensure keystone endpoints are created from a single node (opesntack[0])
instead of each openstack node

TESTING:

Liberty:
1. provisioned 1 all-in-one node, verified that provision is completed
2. added image, created a network, subnetwork and 2 VMs, verified VMs are
active.
3. Logged-in to instance using shell.
4. VMs are able to ping each other.
5. VM is able get http://169.254.269.254/openstack (metadata service)

Change-Id: Iba4df7dbf9a5570041498ffee0e38421c92192cf

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/22868
Submitter: Dheeraj Gautam (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/22868
Committed: http://github.org/Juniper/contrail-puppet/commit/bfe9660cb4ea719bbe68bbfaeb1646bbe3cf384a
Submitter: Zuul
Branch: master

commit bfe9660cb4ea719bbe68bbfaeb1646bbe3cf384a
Author: Dheeraj Gautam <email address hidden>
Date: Tue Aug 2 21:42:44 2016 -0700

SM-Liberty: Fix HA issues

Partial-Bug: #1593675
Closes-Bug: #1567767

1. Fix internal_ip in keystone endpoints
2. Ensure nova-manage command and neutron-common resources orddering
3. Ensure nova-compute gets restarted after nova_config changes and
compute_server_setup.sh
4. Ensure keystone endpoints are created from a single node (opesntack[0])
instead of each openstack node

TESTING:

Liberty:
1. provisioned 1 all-in-one node, verified that provision is completed
2. added image, created a network, subnetwork and 2 VMs, verified VMs are
active.
3. Logged-in to instance using shell.
4. VMs are able to ping each other.
5. VM is able get http://169.254.269.254/openstack (metadata service)

Conflicts:
 contrail/environment/modules/contrail/manifests/compute/config.pp
 contrail/environment/modules/contrail/manifests/compute/service.pp
 contrail/environment/modules/contrail/manifests/profile/neutron_db_sync.pp
 contrail/environment/modules/contrail/manifests/profile/openstack/neutron.pp

Change-Id: Iba4df7dbf9a5570041498ffee0e38421c92192cf

Revision history for this message
Nitish Krishna Kaveri (nitishk) wrote :

Won't fix in 3.0 branches per Abhay's comment
https://bugs.launchpad.net/juniperopenstack/r3.0/+bug/1567767/comments/1

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.